04-06-2011 05:42 AM - edited 03-10-2019 05:58 PM
Dear all,
We are running two ACS appliances but we cannot figure out how we can add a user into 2 differents groups.
Here's the context :
We have a company A which is having devices, this company uses Group A.
then we have a company B which is having devices, this company uses Group B.
But the admin has to manage the devices for both companies A & B.
We don't want to mix devices from company A with company B.
Is there a way to add the user into both groups A & B.
Thank you for your help, really appreciated,
04-06-2011 05:45 AM
Hi,
If users are locally defined on ACS' internal DB, they can be part of only a single group.
Paps
04-06-2011 06:18 AM
Hello,
thank you for your feedback,
But as you can imagine this absolutely not handy.
Is there a workaround to have this working ?
Is Cisco planning a change with this in future releases ?
Thanks
06-02-2011 07:25 PM
The user repository shouldn't have any real impact on the devices under management. You should be able to segregate the devices into 2 different containers easily enough. To allow your administrator to manage both sets of devices, you must simply permit the identity group that the admin is a member of to admin both sets of devices. If the admin is a unique class of user, create an identity group for the admin alone.
06-02-2011 11:31 PM
Hello a-ford,
Thank you very much for your answer.
We usually create a container per company.
The idea would be if we have company A and company B to have an user managing both container with limited rights (Like an IT Admin that is in charge for both).
Additionnaly the Admin should have full access on both companies containers.
Is this possible ?
Thank you
06-03-2011 07:27 AM
That should be easy enough to do. As an example, I would create a new Network Device Group category named Company. Within that category, create a group named Company A and a group named Company B. Associate all devices to their appropriate Company. You can then create 3 Identity Groups (Company A, Company B, and Admin) and create the appropriate user account in each.
Then under the Access Polices, either with the default device admin policy or within newly created policies, you can grant control of Company A and Company B to their respective users as well as granting control of both to your Admin group.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide