11-08-2012 12:42 PM - edited 03-10-2019 07:45 PM
Hello all, I have a problem. I am using ACS 5.3. I have two sets of DeviceGroups (router & switch) and two sets of users (G1, G2). Here is my question, how can I achieve this:
G1: can have full access to DeviceGroup1 and DeviceGroup2 --> This works
Here comes the tricky part for me....
G2: can have "read only" access to DeviceGroup1 but full access to DeviceGroup2
Has anyone asked this before, or is there any document on how to do this?
Thanks a lot!!
11-09-2012 03:35 PM
Hello Cesar-
You can definitely do this in ACS. When you are creating your authorization policies you can be very flexible with the way you grant and deny access to your devices. For your example, you can build rules that are based on:
1. The end user identity group (this can be both internal or AD)
2. The device type (switches, routers, etc.)
3. The device location (Campus A, Campus B, etc)
So for example, if the user is in the network admin group then he/she will be given full access regardless of device location/type (1st screen shot), but if the user is, let's say, a "switch admin" then that user will be given full access to switches (2nd screen shot) but only read-only access to routers (3rd screen shot).
I hope this makes sense!
Thank you for rating!
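The rule layout described in the answer above, sketched as an added example (not part of the original thread and not ACS code): a first-match rule table with a default deny, plus a check for rules that an earlier, broader rule would shadow. The rule names, the `FullAccess`/`ReadOnly`/`DenyAccess` result labels, first-match evaluation and the default deny are assumptions made for illustration.

```python
# Simplified model of a first-match authorization rule table (not ACS code).
# Rule names and result labels are constructed for illustration.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    identity_group: Optional[str]   # None = wildcard (any group)
    device_type: Optional[str]      # None = wildcard (any device group)
    result: str

DEFAULT_RESULT = "DenyAccess"       # assumed default when no rule matches

# The matrix from the question: G1 full everywhere,
# G2 read-only on DeviceGroup1 and full on DeviceGroup2.
POLICY = [
    Rule("G1-any-device", "G1", None, "FullAccess"),
    Rule("G2-devicegroup1", "G2", "DeviceGroup1", "ReadOnly"),
    Rule("G2-devicegroup2", "G2", "DeviceGroup2", "FullAccess"),
]

def matches(rule, group, device_type):
    return (rule.identity_group in (None, group)
            and rule.device_type in (None, device_type))

def authorize(policy, group, device_type):
    """Return (rule name, result) of the first matching rule, else the default."""
    for rule in policy:
        if matches(rule, group, device_type):
            return rule.name, rule.result
    return "Default", DEFAULT_RESULT

def shadowed_rules(policy):
    """Names of rules that can never fire because an earlier rule covers them."""
    def covers(a, b):  # True when a matches every request that b matches
        return (a.identity_group in (None, b.identity_group)
                and a.device_type in (None, b.device_type))
    return [later.name for i, later in enumerate(policy)
            if any(covers(earlier, later) for earlier in policy[:i])]

if __name__ == "__main__":
    for group in ("G1", "G2", "G3"):
        for dev in ("DeviceGroup1", "DeviceGroup2"):
            print(group, dev, authorize(POLICY, group, dev))
    # A broad G2 rule placed first would silently grant full access to DeviceGroup1.
    bad = [Rule("G2-any-device", "G2", None, "FullAccess")] + POLICY
    print("shadowed:", shadowed_rules(bad))
```

Running the shadow check against a rule table before changing it catches the ordering mistake that would turn the intended read-only access into full access.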
11-12-2012 09:25 AM
Hello Neno, thanks a lot, this is what I was looking for, it worked!
11-12-2012 10:31 AM
Good to hear and glad I could help!