Advanced User Authentication Settings
Step 6
Configuring a Shell Command Authorization Set for a User
User Guide for Cisco Secure ACS for Windows Server
7-26
Do one of the following:
If you are finished configuring the user account options, click Submit to
•
record the options.
To continue to specify the user account options, perform other procedures in
•
this chapter, as applicable.
Use this procedure to specify the shell command authorization set parameters for
a user. You can choose one of five options:
None—There is no authorization for shell commands.
•
Group—For this user, the group-level shell command authorization set
•
applies.
Assign a Shell Command Authorization Set for any network device—One
•
shell command authorization set is assigned, and it applies all network
devices.
Assign a Shell Command Authorization Set on a per Network Device
•
Group Basis—Particular shell command authorization sets are to be effective
on particular NDGs. When you select this option, you create the table that
lists what NDG associates with what shell command authorization set.
Per User Command Authorization—Enables you to permit or deny specific
•
Cisco IOS commands and arguments at the user level.
Before You Begin
Make sure that a AAA client has been configured to use TACACS+ as the
•
security control protocol.
•
In the Advanced Options section of Interface Configuration, ensure that the
Per-user TACACS+/RADIUS Attributes check box is selected.
•
In the TACACS+ (Cisco) section of Interface Configuration, ensure that the
Shell (exec) option is selected in the User column.
Ensure that you have already configured one or more shell command
•
authorization sets. For detailed steps, see
Set, page
5-31.
Chapter 7
User Management
Adding a Command Authorization
78-16592-01