[c-nsp] Privilege levels and Secure ACS

[Kim Onnel]

Now, i need to enable some commands under the configuration terminal, so 
that the NOC can shut/no shut interfaces, but not do anything else, is this 
possible with ACS ?

On 7/4/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> 
> Yes, check out 
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/c.htm#778and 
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/u.htm#94659
>  you'll get the idea..
>   oli
> 
>  ------------------------------
> *From:* Kim Onnel [mailto:karim.adel at gmail.com] 
> *Sent:* Monday, July 04, 2005 4:56 PM
> *To:* Oliver Boehmer (oboehmer)
> *Subject:* Re: [c-nsp] Privilege levels and Secure ACS
> 
> we have the windows version, i guess the same could be done, i'll check, 
> thanks
> 
> On 7/4/05, Oliver Boehmer (oboehmer) < oboehmer at cisco.com> wrote: 
> > 
> > Kim Onnel <> wrote on Monday, July 04, 2005 4:39 PM: 
> > 
> > > Hi,
> > >
> > > I want to differentiate NOC privileges from core engineers when
> > > working on the routers.
> > >
> > > We are using Cisco secure ACS 3.1, i quickly looked at old
> > > documentations, but all i get is how to do it on the CLI, which if i 
> > > understand correctly is troublesome, i want the noc users to be able
> > > to show running-config, clear, reload, ... and all the arguments for
> > > these commands, i used * and it worked for all commands except for 
> > > "sh run", i found my self having to add alot of things.
> > >
> > > privilege exec level 2 reload
> > [...]
> > >
> > > And since i have ACS, i want to do it centralized on the ACS, is
> > > there any new features i should be aware of, new stuff in ACS 3.3 or
> > > new IOS features related.
> > >
> > > Any guide on how to do it on ACS, tricks?
> > 
> > You want to use command authorization, please see
> > http://www.cisco.com/warp/public/480/8.shtml for IOS config and ACS-Unix
> > profiles..
> > 
> > oli
> > 
> 
>