Setting Enable Privilege Options For A User - Cisco Servers User Manual

Advanced User Authentication Settings

Setting Enable Privilege Options for a User

Tip
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
7-32
Details on configuring user options with the Advanced TACACS+ Settings are
presented in the following three procedures:
Setting Enable Privilege Options for a User, page 7-32
•
Setting TACACS+ Enable Password Options for a User, page 7-34
•
Setting TACACS+ Outbound Password for a User, page 7-35
•
You use TACACS+ Enable Control with Exec session to control administrator
access. Typically, you use it for router management control. From the following
four basic options, you can select and specify the privilege level you want a user
to have.
Use Group Level Setting—Sets the privileges for this user as those
•
configured at the group level.
No Enable Privilege—Disallows enable privileges for this user.
•
This is the default setting.
Note
Max Privilege for any AAA Client—Enables you to select from a list the
•
maximum privilege level that will apply to this user on any AAA client on
which this user is authorized.
• Define Max Privilege on a per-Network Device Group Basis—Enables you
to associate maximum privilege levels to this user in one or more NDGs.
For information about privilege levels, refer to your AAA client
Note
documentation.
You must configure NDGs from within Interface Configuration before you can
assign user privilege levels to them.
Chapter 7 Setting Up and Managing User Accounts
78-13751-01, Version 3.0