Cisco Cisco Web Security Appliance S170 Guía Del Usuario
26-14
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26 System Administration
Defining User Preferences
Step 9
Configure Group Mapping:
Step 10
Choose whether to map all externally authenticated users to the Administrator role or to different
appliance user role types.
appliance user role types.
Step 11
If you map users to different role types, enter the group name as defined in the RADIUS CLASS attribute
in the Group Name or Directory field, and choose an appliance role type from the Role field. You can
add more role mappings by clicking Add Row.
in the Group Name or Directory field, and choose an appliance role type from the Role field. You can
add more role mappings by clicking Add Row.
For more information on user role types, see
.
Step 12
Submit and commit your changes.
Defining User Preferences
Local users can define preference settings, such as language, specific to each account. These settings
apply by default when the user first logs into the appliance. The preference settings are stored for each
user and are the same regardless from which client machine the user logs into the appliance.
apply by default when the user first logs into the appliance. The preference settings are stored for each
user and are the same regardless from which client machine the user logs into the appliance.
When users change these settings but do not commit the changes, the settings revert to the default values
when they log in again.
when they log in again.
Setting
Description
Map externally authenticated
users to multiple local roles.
users to multiple local roles.
AsyncOS assigns RADIUS users to appliance roles based on the
RADIUS CLASS attribute. CLASS attribute requirements:
RADIUS CLASS attribute. CLASS attribute requirements:
•
3 character minimum
•
253 character maximum
•
no colons, commas, or newline characters
•
one or more mapped CLASS attributes for each RADIUS user
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
These are the appliance roles ordered from least restrictive to most
restrictive:
restrictive:
•
Administrator
•
Operator
•
Read-Only Operator
•
Guest
Map all externally authenticated
users to the Administrator role.
users to the Administrator role.
AsyncOS assigns RADIUS users to the Administrator role.