Cisco Cisco Web Security Appliance S680 Guía Del Usuario
22-10
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Defining User Preferences
Step 8
Configure Group Mapping—Select whether to map all externally authenticated users to the
Administrator role or to different appliance-user role types.
Administrator role or to different appliance-user role types.
Step 9
Submit and commit your changes.
Related Topics
•
•
.
Defining User Preferences
Preference settings, such as reporting display formats, are stored for each user and are the same
regardless from which client machine the user logs into the appliance.
regardless from which client machine the user logs into the appliance.
Step 1
Choose Options > Preferences.
Setting
Description
Map externally authenticated
users to multiple local roles.
users to multiple local roles.
Enter a group name as defined in the RADIUS CLASS attribute,
and choose an appliance Role type. You can add more role
mappings by clicking Add Row.
and choose an appliance Role type. You can add more role
mappings by clicking Add Row.
AsyncOS assigns RADIUS users to appliance roles based on the
RADIUS CLASS attribute. CLASS attribute requirements:
RADIUS CLASS attribute. CLASS attribute requirements:
•
three-character minimum
•
253-character maximum
•
no colons, commas, or newline characters
•
one or more mapped CLASS attributes for each RADIUS user
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
These are the appliance roles ordered from most restrictive to least
restrictive:
restrictive:
•
Administrator
•
Operator
•
Read-Only Operator
•
Guest
Map all externally authenticated
users to the Administrator role.
users to the Administrator role.
AsyncOS assigns all RADIUS users to the Administrator role.