Cisco Cisco Email Security Appliance C170 사용자 가이드

Configure Group Mapping:

Choose whether to map all externally authenticated users to the Administrator role or to different 
appliance user role types.

If you map users to different role types, enter the group name as defined in the RADIUS CLASS attribute 
in the Group Name or Directory field, and choose an appliance role type from the Role field. You can 
add more role mappings by clicking Add Row.

For more information on user role types, see 

Submit and commit your changes.

Map externally authenticated 
users to multiple local roles.

AsyncOS assigns RADIUS users to appliance roles based on the 
RADIUS CLASS attribute. CLASS attribute requirements:

3 character minimum

253 character maximum

no colons, commas, or newline characters

one or more mapped CLASS attributes for each RADIUS user 
(With this setting, AsyncOS denies access to RADIUS users 
without a mapped CLASS attribute.) 

For RADIUS users with multiple CLASS attributes, AsyncOS 
assigns the most restrictive role. For example, if a RADIUS user 
has two CLASS attributes, which are mapped to the Operator and 
Read-Only Operator roles, AsyncOS assigns the RADIUS user to 
the Read-Only Operator role, which is more restrictive than the 
Operator role.

These are the appliance roles ordered from least restrictive to most 
restrictive:

admin

Administrator

Technician

Operator

Read-only Operator

Help Desk User

Guest

Map all externally authenticated 
users to the Administrator role.

AsyncOS assigns RADIUS users to the Administrator role.