ACS 5.1 and Administrator Privileges

Hello,

Until now we have had an ACS 4.1 system up and running, and we have several administrator accounts which can only edit users for one specified group. Now we would like to upgrade to 5.1, and I could not find the possibility to give an administrative user privileges for only one identity group. Is this still possible? I did not find anything about that in the documentation of ACS 5.1.

Thanks for help

Andreas

Cisco Employee

Re: ACS 5.1 and Administrator Privileges

Hi,

Everything about the administrator accounts in ACS 5.1 can be found here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_admin.html.

You have different roles with different privileges in ACS 5.x.

You can go through the different roles' permissions and check which one most suits you.

HTH,

Tiago

--

If this helps you and/or answers your question, please mark the question as "answered" and/or rate it, so other users can easily find it.


Re: ACS 5.1 and Administrator Privileges

Hi Tiago,

As far as I can see, I could set up different roles but not a rule that allows one admin user to edit only internal users from a specified identity group. And we need this because we have different customers on our ACS 4.1 system, and if one customer could edit another customer's users we will run into deep trouble.

Best regards

Andreas

Cisco Employee

Re: ACS 5.1 and Administrator Privileges

Yes, I understand, but this is the way it was designed.

I am afraid you will have to adapt, or submit a Product Enhancement Request (PER) via your Cisco Account team.

Thanks,

Tiago

Beginner

Re: ACS 5.1 and Administrator Privileges

Andreas,

I'm aware of the age of this post but did you submit a PER as this is something we need ourselves?

Tiago posted "but this is the way it was designed", which by now I would say is entirely accurate. But to be honest, the design of ACS 5 boggles the mind: what vendor reduces flexibility in a newer version of a tool, particularly a security tool? If anything, the more flexible a security tool, the more secure that tool becomes. Even the password expiry boolean logic feature in ACS 5, which I can only say looks like it was an afterthought following customer complaints/requests.

And that's before I even mention the multitude of bugs we've hit since installing the appliances. Honestly, who designed this system???