Configuring A Shell Command Authorization Set For A User Group - Cisco Servers User Manual

Configuration-specific User Group Settings
Step 5
Warning
Step 6
Step 7

Configuring a Shell Command Authorization Set for a User Group

Note
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
6-30
To allow all services to be permitted unless specifically listed and disabled, you
can select the Default (Undefined) Services check box under the Checking this
option will PERMIT all UNKNOWN Services table.
This is an advanced feature and should only be used by administrators who
understand the security implications.
To save the group settings you have just made, click Submit.
For more information, see the
on page 6-50.
To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
Use this procedure to specify the shell command authorization set parameters for
a group. There are four basic options:
None—No authorization for shell commands
•
Assign a Shell Command Authorization Set for any network device—One
•
shell command authorization set is assigned, and it applies to all network
devices
• Assign a Shell Command Authorization Set on a per Network Device
Group Basis—Enables you to associate particular shell command
authorization sets to be effective on particular NDGs
Per Group Command Authorization—Enables you to permit or deny
•
specific Cisco IOS commands and arguments at the group level
This feature requires that you have previously configured a shell command
authorization set. For detailed steps, see the
Configuration" section on page
Chapter 6 Setting Up and Managing User Groups
"Saving Changes to User Group Settings" section
"Command Authorization Sets
5-14.
78-13751-01, Version 3.0