https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077747#M364603 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Not easy to answer. You need to start with what your organisation wants/needs to achieve and then figure out how to implement in ACS.</P><P></P><P>Typically customers may have several groups of device administrators - perhaps on geography, BU or similar.</P><P></P><P>Device Command Sets (DCS) can be used to defined the various sets of permissions that any one group should get.</P><P></P><P>If you define your devices in Network Device Groups you can, for any given group, map to different DCS based upon which NDG is being accessed.</P><P></P><P>ie you can implement Role Based Access Control. This allows you to give say full access to Group A when managing device group X and perhaps read only when managing device group Y.</P><P></P><P>But the starting point is what your business needs and not what you can do in ACS.</P><P></P><P></P><P></P></BODY></HTML> Thu, 08 Jan 2009 09:17:40 GMT darpotter 2009-01-08T09:17:40Z https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077745#M364573 <P>Hi,</P><P> I have just configured Cisco ACS for windows .In that i created two users, GUEST &amp; ADMIN. ADMIN has all the rights but guest can only run "show" commands. Now my Bose is asking me to create different users &amp; provide different priviledges to them.he asked me to use the best practices followed in industries. </P><P> So my query is : commonly what type of &amp; how many users are created in Cisco ACS &amp; what type of different priviledges provided to each? I know this is some thing not technical but still an expert who is familiar with its installations can answer/ show the road map to me!!!</P><P>Please its urgent!! i have only 1 day time!!! </P> Sun, 10 Mar 2019 23:13:14 GMT https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077745#M364573 rajeev.payal 2019-03-10T23:13:14Z https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077746#M364586 <HTML><HEAD></HEAD><BODY><P>There are three types of users. Their significance varies depending on whether the service requested is authentication.</P><P></P><P>1)Known users</P><P>2)Unknown users</P><P>3)Discovered users</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qu.html#wp277143" target="_blank">http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qu.html#wp277143</A></P><P></P></BODY></HTML> Tue, 09 Dec 2008 17:14:24 GMT https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077746#M364586 vkapoor5 2008-12-09T17:14:24Z https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077747#M364603 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Not easy to answer. You need to start with what your organisation wants/needs to achieve and then figure out how to implement in ACS.</P><P></P><P>Typically customers may have several groups of device administrators - perhaps on geography, BU or similar.</P><P></P><P>Device Command Sets (DCS) can be used to defined the various sets of permissions that any one group should get.</P><P></P><P>If you define your devices in Network Device Groups you can, for any given group, map to different DCS based upon which NDG is being accessed.</P><P></P><P>ie you can implement Role Based Access Control. This allows you to give say full access to Group A when managing device group X and perhaps read only when managing device group Y.</P><P></P><P>But the starting point is what your business needs and not what you can do in ACS.</P><P></P><P></P><P></P></BODY></HTML> Thu, 08 Jan 2009 09:17:40 GMT https://community.cisco.com/t5/network-access-control/type-of-users-created-in-cisco-acs/m-p/1077747#M364603 darpotter 2009-01-08T09:17:40Z