Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1438
Views
0
Helpful
4
Replies

ACS 5.1 and Administrator Privileges

andreas.eichhorn
Level 1
Level 1

‎04-19-2011 02:27 AM - edited ‎03-10-2019 06:00 PM

Hello,

until now we have an ACS 4.1 System up and running and we have several administrator accounts which can only edit users for one specified group. Now we would like to upgrade to 5.1 and I could not find the possibility to give an administrative users priviliges only for one identity group. Is this still possible? I did not find anything about that in the documentation of ACS 5.1

Thanks for help

Andreas

Labels:
0 Helpful
4 Replies 4

Tiago Antunes
Cisco Employee
Cisco Employee

‎04-19-2011 03:41 AM

Hi,

All about the administrators accounts in ACS 5.1 can be found here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_admin.html.

You have diferent roles with different privileges in ACS 5.x.

you can go through the different roles permissions and check which one most suits you.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

andreas.eichhorn
Level 1
Level 1
In response to Tiago Antunes

‎04-19-2011 03:46 AM

Hi Tiago,

as far as I can see I could set up different roles but not a rules that allow one admin user to edit only internal user from a specifed indentity group. And we need this because we have different customers on our ACS 4.1 system and if one customer could edit other customer users we will run in deep trouble.

Best regards

Andreas

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to andreas.eichhorn

‎04-19-2011 03:51 AM

Yes, I understand, but this is the wayt it was designed.

I am afraid you will have to adapt, or submit a Product Enhancement Request (PER) via your Cisco Account team.

Thanks,

Tiago

0 Helpful

ciaranjmurphy
Level 1
Level 1
In response to andreas.eichhorn

‎06-22-2012 07:17 AM

Andreas,

I'm aware of the age of this post but did you submit a PER as this is something we need ourselves?

Tiago posted "but this is the way it was designed" which by now I would say is entirely accurate. But to be honest the design of ACS 5 boggles the mind, what vendor reduces flexibility in a newer version of a tool; particularly a security tool? If anything the more flexible a security tool the more secure that tool becomes. Even the password expiry boolean logic feature in ACS 5 which, I can only say looks like it was an after-thought following customer complaints/requests.

And that's before I even mention the multitude of bugs we've hit since installing the appliances. Honeslty who designed this system???

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents