Note: The Uplogix Control Center must be running a minimum of version 4.0 for the following procedure.
1) On your ACS, create a group for your users and then edit it by clicking Edit Settings.
2) Then edit that group to include the following options: Shell (exec) and Access control list. Add a list of groups that you wish your users to be a part of, and then click Submit + Restart.
NOTE: If you are using ACS Authorization with Cisco IOS, the access control list field requires numbers (that map to privilege levels in IOS) and will stop working if letters are used. If IOS will be using the same users / groups as your Uplogix products, you can create groups on the Control Center with the names 1, 2, etc. (Submitted by Ross V.)
3) Next, create a user, or edit an existing user.
4) Assign the user a password, and assign them to the group we created above. Then click Submit.
5) Now, in the Control Center, go to Administration -> Groups -> Create Group.
Create a group here to match the sub-group(s) in the Access Control List created on the ACS.
6) In your inventory, assign the group privileges as appropriate.
7) Now, when that user logs into an appliance using their TACACS user ID, they
will be given privileges based on their TACACS ACL and the group
associated with it.
* Note: If you have a stand alone appliance then you must assign each role individually, you can add permissions globally, you must add each resource individually.