I have not been able to find this too. I don't believe it can be done. Acs can only do the authentication, not authorization.This is done by creating a local user in csm with same login Id and setting the role there (admin, approver, helpdesk, etc).
If anybody does know if it can be done please post
Sent from Cisco Technical Support Android App