Table of Contents
Advertisement
Command Authorization Sets
About Pattern Matching
Command Authorization Sets Configuration
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
5-14
For information on assigning command authorization sets, see the following
procedures:
Shell Command Authorization Sets—See either of the following:
•
Configuring a Shell Command Authorization Set for a User Group,
–
page 6-30
–
Configuring a Shell Command Authorization Set for a User, page 7-26
PIX Command Authorization Sets—See either of the following:
•
–
Configuring a PIX Command Authorization Set for a User Group,
page 6-32
–
Configuring a PIX Command Authorization Set for a User, page 7-29
For permit/deny command arguments, Cisco Secure ACS applies pattern
matching. That is, the argument permit foo matches any argument that contains
the string foo. Thus, for example, permit foo would allow not only the argument
foo but also the arguments anyfoo and foobar.
To limit the extent of pattern matching you can add the following expressions:
•
dollarsign ($)—Expresses that the argument must end with what has gone
before. Thus permit foo$ would match against foo or anyfoo, but not foobar.
•
caret (^)—Expresses that the argument must begin with what follows. Thus
permit ^foo would match against foo or foobar, but not against anyfoo.
You can combine these expressions to specify absolute matching. In the example
given, you would use permit ^foo$ to ensure that only foo was permitted, and not
anyfoo or foobar.
This section contains the following procedures:
•
Adding a Command Authorization Set, page 5-15
Editing a Command Authorization Set, page 5-17
•
•
Deleting a Command Authorization Set, page 5-17
Chapter 5
Setting Up and Managing Shared Profile Components
78-13751-01, Version 3.0
Advertisement
Table of Contents
Troubleshooting
