ACS 5.4 Is it possible to have admins for each device group?

Hi all

I'm reading through the documentation and I don't see where it is possible to create new admin roles. I want to create new admin roles that only have permissions over a specific set of devices (i.e., based on location -- I would rather prefer an attribute called department).

I found that it is possible to assign roles dynamically but I don't see how to create new roles and if I can create the type of roles I've used in the example.

Any comment or advice will be more than appreciated

Many thanks!

Ulises

2 Replies

aqjaved
Level 3

The ACS administrator might choose to create multiple access services to allow clean separation and isolation for processing different kinds of access requests. ACS provides two default access services:

• Default Device Admin—Used for TACACS+ based access to device CLI
• Default Network Access—Used for RADIUS-based access to network connectivity

You can use the access services as is, modify them, or delete them as needed. You can also create additional access services.

Please check the below for configuration:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/policy_mod.html#wp1083695

Many thanks for your reply Ageel!

I think I didn't explain properly. I want to create restricted administrators in the ACS itself, not in the TACACS+ clients...

Seems like the way for doing this would be to create a new admin role that can operate on a given set of devices but so far what I have seen is that it is not possible to create new admin roles...

Is this right?

Regards

Ulises
