Cisco 3.3 User Manual

Chapter 7 User Management

Advanced User Authentication Settings

7-34

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Note

This is the default setting.

•

Max Privilege for any AAA Client—Enables you to select from a list the
maximum privilege level that will apply to this user on any AAA client on
which this user is authorized.

•

Define Max Privilege on a per-Network Device Group Basis—Enables you
to associate maximum privilege levels to this user in one or more NDGs.

Note

For information about privilege levels, refer to your AAA client
documentation.

Tip

You must configure NDGs from within Interface Configuration before you can
assign user privilege levels to them.

To select and specify the privilege level for a user, follow these steps:

Step 1

Perform Step 1 through Step 3 of

Adding a Basic User Account, page 7-4

.

The User Setup Edit page opens. The username being added or edited is at the top
of the page.

Step 2

Under TACACS+ Enable Control in the Advanced TACACS+ Settings table,
select one of the four privilege options, as follows:

•

Use Group Level Setting

•

No Enable Privilege

Note

(No Enable Privilege is the default setting; when setting up an new
user account, it should already be selected.)

•

Max Privilege for Any Access Server

•

Define Max Privilege on a per-Network Device Group Basis

Step 3

If you selected Max Privilege for Any Access Server in Step 2, select the
appropriate privilege level from the corresponding list.