Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
13-19
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 13 Distributing Administrative Tasks
About Authenticating Administrative Users
Step 11
Configure Group Mapping:
Step 12
(Optional) Click Add Row to add another group. Repeat step
for each group of users that the
appliance authenticates.
Step 13
Submit and commit your changes.
Setting
Description
Map externally
authenticated users to
multiple local roles
(Recommended)
authenticated users to
multiple local roles
(Recommended)
AsyncOS assigns RADIUS users to appliance roles based on the RADIUS
CLASS attribute. CLASS attribute requirements:
CLASS attribute. CLASS attribute requirements:
•
3 character minimum
•
253 character maximum
•
no colons, commas, or newline characters
•
one or more mapped CLASS attributes for each RADIUS user (With
this setting, AsyncOS denies access to RADIUS users without a
mapped CLASS attribute.)
this setting, AsyncOS denies access to RADIUS users without a
mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS assigns the
most restrictive role. For example, if a RADIUS user has two CLASS
attributes, which are mapped to the Operator and Read-Only Operator
roles, AsyncOS assigns the RADIUS user to the Read-Only Operator role,
which is more restrictive than the Operator role.
most restrictive role. For example, if a RADIUS user has two CLASS
attributes, which are mapped to the Operator and Read-Only Operator
roles, AsyncOS assigns the RADIUS user to the Read-Only Operator role,
which is more restrictive than the Operator role.
These are the appliance roles ordered from least restrictive to most
restrictive:
restrictive:
•
Administrator
•
Email Administrator
•
Web Administrator
•
Web Policy Administrator
•
URL Filtering Administrator (for web security)
•
Custom user role (email or web)
If a user is assigned multiple Class attributes that are mapped to
custom user roles, the last class attribute on the list on the RADIUS
server will be used.
custom user roles, the last class attribute on the list on the RADIUS
server will be used.
•
Technician
•
Operator
•
Read-Only Operator
•
Help Desk User
•
Guest
Map all externally
authenticated users to the
Administrator role
authenticated users to the
Administrator role
AsyncOS assigns RADIUS users to the Administrator role.