Cisco Systems Servers Manuale Utente

—This section 

details procedures that you would perform only as applicable to your 
particular network security configuration. 

—This section includes basic 

administrative procedures, such as determining the users in a group or 
renaming a group.

The Group Setup section of the Cisco Secure ACS HTML interface is the 
centralized location for operations regarding user group configuration and 
administration. For information about network device groups (NDGs), see the 

.

If you have not configured group mapping for an external user database, 
Cisco Secure ACS assigns users who are authenticated by the Unknown User 
Policy to the Default Group the first time they log in. The privileges and 
restrictions for the default group are applied to first-time users. If you have 
upgraded from a previous version of Cisco Secure ACS and kept your database 
information, Cisco Secure ACS retains the group mappings you configured 
before upgrading.

Cisco Secure ACS enables a full range of settings for TACACS+ at the group 
level. If a AAA client has been configured to use TACACS+ as the security 
control protocol, you can configure standard service protocols, including PPP IP, 
PPP LCP, ARAP, SLIP, and Shell(exec), to be applied for the authorization of each 
user who belongs to a particular group.

You can also configure TACACS+ settings at the individual user level. 
User-level settings always override group level settings.