10-3
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 10 Setting Up and Managing Administrators and Policy
Administrator Accounts
Administrator Privileges
You can grant appropriate privileges to each Cisco Secure ACS administrator by
assigning privileges on an administrator-by-administrator basis. You control
privileges by selecting the options from the Administrator Privileges table on the
Add Administrator or Edit Administrator pages. These options are listed below:
•
User and Group Setup—Contains the following privilege options for the
User Setup and Group Setup sections of the HTML interface:
–
Add/Edit users in these groups—Enables the administrator to add or
edit users and to assign users to the groups in the Editable groups list.
–
Setup of these groups—Enables the administrator to edit the settings for
the groups in the Editable groups list.
–
Available Groups—Lists the user groups for which the administrator
does not have edit privileges and to which the administrator cannot add
users.
–
Editable Groups—Lists the user groups for which the administrator
does have edit privileges and to which the administrator can add users.
•
Shared Profile Components—Contains the following privilege options for
the Shared Profile Components section of the HTML interface:
–
Network Access Restriction Sets—Allows the administrator full access
to the Network Access Restriction Sets feature.
–
Downloadable ACLs—Allows the administrator full access to the
Downloadable PIX ACLs feature.
–
Create New Device Command Set Type—Allows the administrator
account to be used as valid credentials by another Cisco application for
adding new device command set types. New device command set types
that are added to Cisco Secure ACS using this privilege appear in the
Shared Profile Components section of the HTML interface.
–
Shell Command Authorization Sets—Allows the administrator full
access to the Shell Command Authorization Sets feature.
–
PIX Command Authorization Sets—Allows the administrator full
access to the PIX Command Authorization Sets feature.