Cisco Systems Servers Manuale Utente

Chapter 6 Setting Up and Managing User Groups

Configuration-specific User Group Settings

6-32

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide

78-13751-01, Version 3.0

If you select Permit, users can issue all commands not specifically listed. If
you select Deny, users can issue only those commands listed.

To list particular commands to be permitted or denied, select the Command
check box and then type the name of the command, define its arguments using
standard permit or deny syntax, and select whether unlisted arguments should
be permitted or denied.

Warning

This is a powerful, advanced feature and should be completed by an
administrator skilled with Cisco IOS commands. Correct syntax is the
administrator’s responsibility. For information on how Cisco Secure ACS
employs pattern matching in command arguments, see the

“About Pattern

Matching” section on page 5-14

Tip

To enter several commands, you must click Submit after specifying a
command. A new command entry box appears below the box you just
completed.

Configuring a PIX Command Authorization Set for a User Group

Use this procedure to specify the PIX command authorization set parameters for
a user group. There are three basic options:

•

None—No authorization for PIX commands

•

Assign a PIX Command Authorization Set for any network device—One
PIX command authorization set is assigned, and it applies all network devices

•

Assign a PIX Command Authorization Set on a per Network Device
Group Basis—Particular PIX command authorization sets are to be effective
on particular NDGs