Showing results for 
Search instead for 
Did you mean: 

ACS - Local access to ACS server - creating user accounts

steve pearson


I am quite familar with ACS and have granted access to resources through configuring Group Mappings to our AD including WCS acces and access to network switches.

However I want to grant access to staff to be able to create local accounts on ACS to a local ACS group.  This group contains user accounts for 802.1x access to resources and so is a local ACS group only.

Is this possible?

Where abouts on the local ACS user account would I modify access to these limited functions on ACS?

ACS v4.1.

Many thanks!!


6 Replies 6

Cisco Employee
Cisco Employee

Hello Steve,

you can do this under administrator priviliges.

for details , please refer to

" You can grant appropriate privileges to each ACS administrator by  assigning privileges on an administrator-by-administrator basis. You  control privileges by selecting the options from the Administrator  Privileges table on the Add Administrator or Edit Administrator pages.  These options are: "

User and Group Setup—Contains the following privilege options for the User Setup and Group Setup sections of the web interface:

Add/Edit users in these groups—Enables the administrator to add or edit users and to assign users to the groups in the Editable groups list.

Setup of these groups—Enables the administrator to edit the settings for the groups in the Editable groups list.

Available Groups—Lists the user groups for which the administrator does not have edit privileges and to which the administrator cannot add users.

Editable Groups—Lists the user groups for which the administrator does have edit privileges and to which the administrator can add users."

Best regards



please rate answers that you find useful , and mark as answered ( when it is :-) )

Hi Talal

Thank you for posting back!

I'm still not quite sure where I would granually set permissions to just create users in a group and have no other access, is this possible?  If so the area I'm unsure about is where do you define this in the user page (bearing in mind I'm still on version 4.1 which isn't that intuitive!).

If you could help me out more that would be great!!

Thanks again


Hello Steve,

for specific user (administrator), you need to go administration control ->>> click on adming name

remove all check boxes under administrator priviliges. and keep only  Add/Edit users in these group.

and move that desired group only to right box.

note you can select Add/Edit users in these group, there is no option Just to add users only....

Kind regards


Brilliant! Overlooked that area of ACS!!



Dear Experts,

My boss is asking to provide below command only to desktop engineers, I saw some pre-defined group there but not sure how to customize to work only below commands.

Cisco ACS: ACS1113

show interfaces

show log

clear port-security sticky interface

Configure Terminal



no shutdown

Could you please advice?


Stalin P

Sent from Cisco Technical Support iPhone App

Sure, I'll send you some info when I'm in front of my acs server...

Sent from my iPhone

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers