The ISE TACAS policies above are linked to AD account groups located under MOPT - System - Cisco - ISE.
The ISE Super Admin and Switch Admin groups have been assigned Privilege 15 with full administrative access.
The Switch_ReadOnly group has been assigned Privilege 1 (read-only) and is restricted to the following commands:
show running-configshow startup-configshow versionshow ip interface briefshow interfacesshow vlanshow cdp neighborspingtraceroute