Specific, complicated, detailed user rights possibility?

[Mart Pirita]

Hi,


We have idea to use radius for rights and ldap for authentication. So 
that radius acts proxy for external ldap and this part is working.

But we need more detailed setup, for example, the idea is to allow user1 
access some switches and disable user1 to access some other switches. 
And then even more specific rights, for example, switches which user1 
can access, he have some switch with read-only and some other switch 
with read-write rights.

And do it with groups, not using different configuration for every user, 
for example, so that users are listed in as groups, and these groups are 
used in access configurations?

Huntgroups may be the solution, but as far I know, huntgroups are for 
device, and not for user rights. Also I don't know, can one and same 
device IP exist in many different huntgroups and can one huntgroup 
include other huntgroups?

Is such setup possible and if yes, then how?

-- 
Mart