Solved: Read only access to the ACS for a specific group

Steve Coady · ‎10-28-2016

All

I am using a ACS with version (5.5.0.46.8). There is a group within the enterprise that is requesting RO access to the ACS.

This group is already created in the User's and Identity Stores/EXTERNAL/AD/Directory Groups

Under the Policy Elements/Device Admin/Command set, I already have a SHOW Command set created

I have looked in the Access Policies/Acess Services/Default Network access/Authorization but am a little lost after that.

Please advise at your earliest convenience.

sMc

Gagandeep Singh · ‎11-02-2016

Looks like "show" and "sh" causing issue in command set.

If you pass for full access with it. Does it work ?

Secondly, remove "sh" from it and use some specific complete show commands.

Let me know the results!!!!

Gagandeep Singh · ‎10-28-2016

What error coming on ACS report. Is it for internal or AD user ?

Also please share the screenshot of Command set and Authorization policy created.

Regards

Gagan

Steve Coady · ‎11-01-2016

No error on ACS report

The user's would use or could use AD credentials. See attached.

They also have their own specific DIRECTORY GROUP profile

sMc

Gagandeep Singh · ‎11-02-2016

Looks like "show" and "sh" causing issue in command set.

If you pass for full access with it. Does it work ?

Secondly, remove "sh" from it and use some specific complete show commands.

Let me know the results!!!!