topic Hello Shameer-Unfortunately, in Network Access Control https://community.cisco.com/t5/network-access-control/creating-different-identity-groups-for-segregating-user-access/m-p/2595529#M74934 <P>Hello Shameer-</P><P>Unfortunately, ACS does not have that type of flexible admin policy. You have the admin roles that are located under System Administration &gt; Administrators &gt; Roles. However, those roles are pre-defined and cannot be edited. In addition, you cannot create any additional roles.&nbsp;</P><P>I hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 27 Jan 2015 00:26:30 GMT nspasov 2015-01-27T00:26:30Z Creating different identity groups for segregating user access https://community.cisco.com/t5/network-access-control/creating-different-identity-groups-for-segregating-user-access/m-p/2595528#M74932 <P>Hi Team,</P><P>&nbsp;</P><P>We have ACS 5.1 in place and created few users for providing access to the network equipment using RADIUS.</P><P>Our requirement is to 1. controll access for users to specified network equipments.</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2. create a new set of users where they have exclusive access for the ssl vpn acounts.</P><P>&nbsp;Now whatever users created in the ACS is can access all the network devices. we are trying to restrict user/group based access to the devices.</P><P>&nbsp;</P><P>Thanks in advance....</P><P>&nbsp;</P><P>Warm Regards,</P><P>Shameer SA</P> Mon, 11 Mar 2019 05:22:34 GMT https://community.cisco.com/t5/network-access-control/creating-different-identity-groups-for-segregating-user-access/m-p/2595528#M74932 shameer sa 2019-03-11T05:22:34Z Hello Shameer-Unfortunately, https://community.cisco.com/t5/network-access-control/creating-different-identity-groups-for-segregating-user-access/m-p/2595529#M74934 <P>Hello Shameer-</P><P>Unfortunately, ACS does not have that type of flexible admin policy. You have the admin roles that are located under System Administration &gt; Administrators &gt; Roles. However, those roles are pre-defined and cannot be edited. In addition, you cannot create any additional roles.&nbsp;</P><P>I hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 27 Jan 2015 00:26:30 GMT https://community.cisco.com/t5/network-access-control/creating-different-identity-groups-for-segregating-user-access/m-p/2595529#M74934 nspasov 2015-01-27T00:26:30Z