Cisco Systems Servers Manuale Utente
Chapter 3 Setting Up the Cisco Secure ACS HTML Interface
Interface Design Concepts
3-2
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version. 3.0
Tip
If a section of the Cisco Secure ACS HTML interface appears to be “missing”
or “broken” return to the Interface Configuration section and confirm that the
particular section has been activated.
or “broken” return to the Interface Configuration section and confirm that the
particular section has been activated.
Interface Design Concepts
Before you begin to configure the Cisco Secure ACS HTML interface for your
particular configuration, it is helpful to understand a few basic precepts of the
system’s operation. The information in the following sections is necessary for
effective interface configuration.
particular configuration, it is helpful to understand a few basic precepts of the
system’s operation. The information in the following sections is necessary for
effective interface configuration.
User-to-Group Relationship
A user can belong to only one group at a time. As long as there are no conflicting
attributes, users inherit group settings.
attributes, users inherit group settings.
Note
If a user profile has an attribute configured differently from the same attribute
in the group profile, the user setting always overrides the group setting.
in the group profile, the user setting always overrides the group setting.
If a user has a unique configuration requirement, you can make that user a part of
a group and set unique requirements on the User Setup page, or you can assign
that user to his or her own group.
a group and set unique requirements on the User Setup page, or you can assign
that user to his or her own group.
Per-User or Per-Group Features
You can configure most features at both group and user levels, with the following
exceptions:
exceptions:
•
User level only—Static IP address, password, and expiration
•
Group level only—Password aging and time-of-day/day-of-week
restrictions
restrictions