Cisco Acs 57 User Guide
Page 281
25 Managing Access Policies Configuring Access Service Policies
To configure a rule-based policy, see these topics:
Creating Policy Rules, page 37
Duplicating a Rule, page 38
Editing Policy Rules, page 39
Deleting Policy Rules, page 39
For information about configuring an identity policy for Host Lookup requests, see Configuring an Authorization Policy for Host Lookup Requests, page 18.
Table 89 Rule-based Identity Policy Page
Option / Description
Policy type: Defines the type of policy to...
Page 282
Related Topics
Configuring a Group Mapping Policy, page 27
Configuring a Session Authorization Policy for Network Access, page 30
Configuring Shell/Command Authorization Policies for Device Administration, page 35
Configuring Identity Policy Rule Properties
You can create, duplicate, or edit an identity policy rule to determine the identity databases that are used...
Page 283
Configuring a Group Mapping Policy
Configure a group mapping policy to map groups and attributes that are retrieved from external identity stores to ACS identity groups. When ACS processes a request for a user or host, this policy retrieves the relevant identity group which can be used in authorization policy rules. If you created an access service that includes a group mapping policy, you can configure and modify this policy. You can...
Page 284
2. Select an identity group.
Table 91 Simple Group Mapping Policy Page
Option / Description
Policy type: Defines the type of policy to configure:
Simple—Specifies the results to apply to all requests.
Rule-based—Configure rules to apply different results depending on the request.
Caution: If you switch between policy types, you will lose your previously saved policy configuration.
Identity Group: Identity group to which attributes and groups...
Page 285
3. Click Save Changes to save the policy.
To configure a rule-based policy, see these topics:
Creating Policy Rules, page 37
Duplicating a Rule, page 38
Editing Policy Rules, page 39
Deleting Policy Rules, page 39
Related Topics
Viewing Identity Policies, page 23
Configuring a Session Authorization Policy for Network Access, page 30
Configuring Shell/Command...
Page 286
Configuring a Session Authorization Policy for Network Access
When you create an access service for network access authorization, it creates a Session Authorization policy. You can then add and modify rules to this policy to determine the access permissions for the client session. You can create a standalone authorization policy for an access service, which is a standard first-match rule table. You can also create an authorization...
Page 287
Configuring Network Access Authorization Rule Properties
Use this page to create, duplicate, and edit the rules to determine access permissions in a network access service.
1. Select Access Policies > Access Services > > Authorization, and click Create, Edit, or Duplicate.
Table 94 Network Access Authorization Policy Page
Option / Description
Status: Rule statuses are:
Enabled—The rule is active.
Disabled—ACS does not apply the results of...
Page 288
2. Complete the fields as described in Table 95 on page 32:
Note: ACS allows you to create an internal user account using the identity string attribute to match a particular NDG:location only by configuring the detailed path of the NDG.
Configuring Device Administration Authorization Policies
A device administration authorization policy determines the authorizations and permissions for network administrators. You create an authorization...
Page 289
The Device Administration Authorization Policy page appears as described in Table 96 on page 33.
Configuring Device Administration Authorization Rule Properties
Use this page to create, duplicate, and edit the rules to determine authorizations and permissions in a device administration access service.
Select Access Policies > Access Services > service > Authorization, and click Create, Edit, or Duplicate.
The Device Administration...
Page 290
Configuring Device Administration Authorization Exception Policies
You can create a device administration authorization exception policy for a defined authorization policy. Results from the exception rules always override authorization policy rules.
Use this page to:
View exception rules.
Delete exception rules.
Open pages that create, duplicate, edit, and customize exception rules.
Select Access Policies > Access Services > service...