12-20-2010 08:10 AM - edited 03-10-2019 05:39 PM
I am quite familar with ACS and have granted access to resources through configuring Group Mappings to our AD including WCS acces and access to network switches.
However I want to grant access to staff to be able to create local accounts on ACS to a local ACS group. This group contains user accounts for 802.1x access to resources and so is a local ACS group only.
Is this possible?
Where abouts on the local ACS user account would I modify access to these limited functions on ACS?
12-20-2010 11:15 AM
you can do this under administrator priviliges.
for details , please refer to
" You can grant appropriate privileges to each ACS administrator by assigning privileges on an administrator-by-administrator basis. You control privileges by selecting the options from the Administrator Privileges table on the Add Administrator or Edit Administrator pages. These options are: "
•User and Group Setup—Contains the following privilege options for the User Setup and Group Setup sections of the web interface:
–Add/Edit users in these groups—Enables the administrator to add or edit users and to assign users to the groups in the Editable groups list.
–Setup of these groups—Enables the administrator to edit the settings for the groups in the Editable groups list.
–Available Groups—Lists the user groups for which the administrator does not have edit privileges and to which the administrator cannot add users.
–Editable Groups—Lists the user groups for which the administrator does have edit privileges and to which the administrator can add users."
please rate answers that you find useful , and mark as answered ( when it is :-) )
12-21-2010 01:02 AM
Thank you for posting back!
I'm still not quite sure where I would granually set permissions to just create users in a group and have no other access, is this possible? If so the area I'm unsure about is where do you define this in the user page (bearing in mind I'm still on version 4.1 which isn't that intuitive!).
If you could help me out more that would be great!!
12-21-2010 01:10 AM
for specific user (administrator), you need to go administration control ->>> click on adming name
remove all check boxes under administrator priviliges. and keep only Add/Edit users in these group.
and move that desired group only to right box.
note you can select Add/Edit users in these group, there is no option Just to add users only....
12-21-2010 02:19 AM
Brilliant! Overlooked that area of ACS!!
05-13-2012 10:04 PM
My boss is asking to provide below command only to desktop engineers, I saw some pre-defined group there but not sure how to customize to work only below commands.
Cisco ACS: ACS1113
clear port-security sticky interface
Could you please advice?
Sent from Cisco Technical Support iPhone App
05-14-2012 01:18 AM
Sure, I'll send you some info when I'm in front of my acs server...
Sent from my iPhone
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: