Cisco Systems CSACS3415K9 사용자 설명서
10-41
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring Compound Conditions
Configuring Compound Conditions
Use compound conditions to define a set of conditions based on any attributes allowed in simple policy
conditions. You define compound conditions in a policy rule page; you cannot define them as separate
condition objects.
conditions. You define compound conditions in a policy rule page; you cannot define them as separate
condition objects.
This section contains the following topics:
•
•
•
Compound Condition Building Blocks
shows the building blocks of a compound condition.
Figure 10-1
Building Blocks of a Compound Condition
•
Operands—Any attribute or condition type, such as Protocol/Request Attributes, Identity
Attributes, Identity Groups, Network Device Groups (NDGs), Date/Time, and Custom or Standard
Conditions.
Attributes, Identity Groups, Network Device Groups (NDGs), Date/Time, and Custom or Standard
Conditions.
•
Relational Operators—Operators that specify the relation between an operand and a value; for
example, equals (=), or does not match. The operators that you can use in any condition vary
according to the type of operand.
example, equals (=), or does not match. The operators that you can use in any condition vary
according to the type of operand.
•
Binary condition—A binary condition defines the relation between a specified operand and value;
for example, [username = “Smith”].
for example, [username = “Smith”].
•
Logical Operators—The logical operators operate on or between binary conditions. The supported
logical operators are AND and OR.
logical operators are AND and OR.
•
Precedence Control—You can alter the precedence of logical operators by using parentheses.
Nested parentheses provide administrator control of precedence. The natural precedence of logical
operators, that is, without parenthesis intervention, is NOT, AND, OR, where NOT has the highest
precedence and OR the lowest.
Nested parentheses provide administrator control of precedence. The natural precedence of logical
operators, that is, without parenthesis intervention, is NOT, AND, OR, where NOT has the highest
precedence and OR the lowest.
summarizes the supported dynamic attribute mapping while building Compound
Conditions.