Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 16 Managing System Administrators
Understanding Roles
Predefined Roles
Table 16-1 shows the predefined roles included in ACS:
Table 16-1 Predefined Role Descriptions

Role                  Privileges
--------------------  ------------------------------------------------------------------------------
ChangeAdminPassword   This role is intended for ACS administrators who manage other administrator
                      accounts. This role entitles the administrator to change the password of
                      other administrators.

ChangeUserPassword    This role is intended for ACS administrators who manage internal user
                      accounts. This role entitles the administrator to change the password of
                      internal users.

NetworkDeviceAdmin    This role is intended for ACS administrators who need to manage the ACS
                      network device repository only, such as adding, updating, or deleting
                      devices. This role has the following permissions:
                      - Read and write permissions on network devices
                      - Read and write permissions on NDGs and all object types in the Network
                        Resources drawer

PolicyAdmin           This role is intended for the ACS policy administrator responsible for
                      creating and managing ACS access services and access policy rules, and the
                      policy elements referenced by the policy rules. This role has the following
                      permissions:
                      - Read and write permissions on all the elements used in policies, such as
                        authorization profile, NDGs, IDGs, conditions, and so on
                      - Read and write permissions on services policy

ReadOnlyAdmin         This role is intended for ACS administrators who need read-only access to
                      all parts of the ACS user interface.
                      This role has read-only access to all resources.

ReportAdmin           This role is intended for administrators who need access to the ACS
                      Monitoring and Report Viewer to generate and view reports or monitoring
                      data only.
                      This role has read-only access on logs.

SecurityAdmin         This role is required in order to create, update, or delete ACS
                      administrator accounts, to assign administrative roles, and to change the
                      ACS password policy. This role has the following permissions:
                      - Read and write permissions on internal protocol users and administrator
                        password policies
                      - Read and write permissions on administrator account settings
                      - Read and write permissions on administrator access settings

SuperAdmin            The Super Admin role has complete access to every ACS administrative
                      function. If you do not need granular access control, this role is most
                      convenient, and this is the role assigned to the predefined ACSAdmin
                      account.
                      This role has Create, Read, Update, Delete, and eXecute (CRUDX) permissions
                      on all resources.