Chapter 6
Setting Up and Managing User Groups
Warning
Configuring a PIX Command Authorization Set for a User Group
78-14696-01, Version 3.1
To list particular commands to be permitted or denied, select the Command
c.
check box and then type the name of the command, define its arguments using
standard permit or deny syntax, and select whether unlisted arguments should
be permitted or denied.
This is a powerful, advanced feature and should be used by an administrator
skilled with Cisco IOS commands. Correct syntax is the responsibility of the
administrator. For information on how Cisco Secure ACS uses pattern matching
in command arguments, see
To enter several commands, you must click Submit after specifying a
Tip
command. A new command entry box appears below the box you just
completed.
Use this procedure to specify the PIX command authorization set parameters for
a user group. There are three options:
None—No authorization for PIX commands.
•
Assign a PIX Command Authorization Set for any network device—One
•
PIX command authorization set is assigned, and it applies all network
devices.
Assign a PIX Command Authorization Set on a per Network Device
•
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs.
Configuration-specific User Group Settings
About Pattern Matching, page
User Guide for Cisco Secure ACS for Windows Server
5-15.
6-33