Cisco Systems Servers User Manual

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0

Chapter 5
Setting Up and Managing Shared Profile Components
The Shared Profile Components section enables administrators to develop and 
name reusable, shared sets of authorization components which may be applied to 
one or more users or groups of users and referenced by name within their profiles. 
These comprise network access restrictions (NARs), command authorization sets, 
and downloadable PIX ACLs.
The Shared Profile Components section of Cisco Secure Access Control Server
for Windows NT/2000 Servers Version 3.0 (Cisco Secure ACS) addresses the 
scalability of selective authorization. Shared profile components can be 
configured once and then applied to many users or groups. Without this ability, 
flexible and comprehensive authorization could only be accomplished by 
explicitly configuring the authorization of each user group for each possible 
command on each possible device. The creation and application of these named 
shared profile components (access restrictions, command sets, and ACLs) make 
it unnecessary to repeatedly enter long lists of devices or commands when 
defining network access parameters. 
Shared profile components also provide the means for one device to issue a 
command on behalf of another device or devices. Their scalability extends to the 
following capabilities:
• A means to determine the list of commands a user could issue against one or more devices in the network.
• A means to determine the list of devices on which a particular user may execute a particular command.
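
A simplified model of the idea described in this section, added here as an illustration and not taken from the Cisco guide: command sets are defined once under a name, user groups reference them per device group, and the two lookups listed above fall out of that structure. All names, devices and commands are constructed, and the glob matching with deny-overrides-permit is an assumption of this sketch, not Cisco Secure ACS's own rule format.

```python
from fnmatch import fnmatchcase

# Constructed sample data; every name below is hypothetical.
COMMAND_SETS = {  # shared components: defined once, referenced by name
    "ReadOnly": {"permit": ["show *"], "deny": []},
    "NetOps": {"permit": ["show *", "configure terminal", "interface *"],
               "deny": ["show running-config"]},
}
DEVICE_GROUPS = {
    "CoreRouters": {"rtr-core-1", "rtr-core-2"},
    "EdgeFirewalls": {"pix-edge-1"},
}
# A user group's profile names a shared set per device group.
GROUP_PROFILES = {
    "Helpdesk": {"CoreRouters": "ReadOnly", "EdgeFirewalls": "ReadOnly"},
    "Engineers": {"CoreRouters": "NetOps"},
}
USER_GROUP = {"alice": "Engineers", "bob": "Helpdesk"}

def command_set_for(user, device):
    """Return the shared command set that applies to user on device, or None."""
    profile = GROUP_PROFILES.get(USER_GROUP.get(user), {})
    for device_group, set_name in profile.items():
        if device in DEVICE_GROUPS.get(device_group, ()):
            return COMMAND_SETS[set_name]
    return None

def is_authorized(user, device, command):
    """Default deny; a matching deny pattern overrides any permit (assumption)."""
    cs = command_set_for(user, device)
    if cs is None or any(fnmatchcase(command, p) for p in cs["deny"]):
        return False
    return any(fnmatchcase(command, p) for p in cs["permit"])

def commands_for(user, device, candidates):
    """Which of the candidate commands user could issue against device."""
    return [c for c in candidates if is_authorized(user, device, c)]

def devices_for(user, command):
    """Devices on which user may execute command."""
    all_devices = set().union(*DEVICE_GROUPS.values())
    return sorted(d for d in all_devices if is_authorized(user, d, command))
```

Changing the `NetOps` entry once changes the result for every group that references it, which is the scalability point the section makes.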