Hi Raj,
How does user authentication happen over here using any external radius server (ACS 5.3 version ).
Cisco ACS 5.3 has got that feature
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/policy_mod.html
You can base permissions on various conditions besides identity, and permissions are no longer associated with user groups. You can use session and environment attributes, such as access location, access type, health of the end station, date, time, and so on, to determine the type of access to be granted.
HTH
Sandy.