Cisco Cisco Web Security Appliance S170 사용자 가이드
9-22
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 9 Identities
Configuring Identities in Other Policy Groups
Note
When you commit a change to Identities, end-users must re-authenticate.
Configuring Identities in Other Policy Groups
Every non-Identity policy group specifies at least one Identity group as part of its policy group
membership. You can configure a non-Identity policy group to use multiple Identity groups, and you can
specify which users or groups of users are authorized to access the web using the policy group.
membership. You can configure a non-Identity policy group to use multiple Identity groups, and you can
specify which users or groups of users are authorized to access the web using the policy group.
You might want to specify multiple Identity groups in a policy group under the following circumstances:
•
You have an Identity group defined for HTTP transactions and another Identity group defined for
native FTP transactions. You can create a single non-Identity policy group that applies to both HTTP
and native FTP transactions
native FTP transactions. You can create a single non-Identity policy group that applies to both HTTP
and native FTP transactions
•
Separate Identity groups are defined for each authentication realm. You want to create one Access
Policy group that defines the same access control settings for users in multiple authentication
realms.
Policy group that defines the same access control settings for users in multiple authentication
realms.
Note
You can also specify All Identities and configure the authenticated users.
shows a policy group that uses multiple Identities.
Figure 9-6
Multiple Identities in a Policy Group
This Identity uses an authentication sequence and this policy group
applies to one realm in the sequence.
applies to one realm in the sequence.
All authenticated users in this Identity are authorized for this policy
group.
group.
The specified user groups in this Identity are authorized for this
policy group.
policy group.