Hi
You can assign only 1 group power user.
You have 2 choices:
- you create as many groups as needed and push these groups through radius and then filter accesses using standard policies
- you have 1 group for all users and push them a vpn filter acl using filter-id attribute or dACL which is passed using cisco av-pair attribute.
Your radius is Cisco ISE or something else?
Your last question is to provide internet access to anyconnect using their local internet (so split tunnel should be used) or through central internet (full tunnel should be configured).
Thanks
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question