I know that CW Common Services 3.3 does not work with pre-defined roles on ACS AAA. So I followed these forums and enabled non-ACS AAA and selected TACACS+. I have a single rule that is matching in my ACS (after looking at the audit trail):
As you may have noticed even though it is matching an access service that allows Priv15. That doesn't seem to be passing through as you can see on top I am only receiving Priv 1. What can I do to properly pass through the access service profile?
CSM can do authentication from a non-Cisco TACACS server and you can register ACS 5.x as such. However, authorization in these cases will have to come from the CSM's internal database.
In short: you can use the ACS for authentication (so the users wouldn't need to remember yet another password) then replicate those users, who you want to access CSM within CSM (it's not important what password you set for them) and set up the access rights you wish to give them from within CSM.