User Guide for Cisco Content Security Management Appliance M1070

AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
 
Chapter 13      Distributing Administrative Tasks
  About Authenticating Administrative Users
Step 11  Configure Group Mapping:
Step 12  (Optional) Click Add Row to add another group. Repeat step for each group of users that the appliance authenticates.
Step 13  Submit and commit your changes.
Setting: Map externally authenticated users to multiple local roles (Recommended)
Description: AsyncOS assigns RADIUS users to appliance roles based on the RADIUS CLASS attribute. CLASS attribute requirements:
- 3 character minimum
- 253 character maximum
- no colons, commas, or newline characters
- one or more mapped CLASS attributes for each RADIUS user (With this setting, AsyncOS denies access to RADIUS users without a mapped CLASS attribute.)

For RADIUS users with multiple CLASS attributes, AsyncOS assigns the most restrictive role. For example, if a RADIUS user has two CLASS attributes, which are mapped to the Operator and Read-Only Operator roles, AsyncOS assigns the RADIUS user to the Read-Only Operator role, which is more restrictive than the Operator role.

These are the appliance roles ordered from least restrictive to most restrictive:
- Administrator
- Email Administrator
- Web Administrator
- Web Policy Administrator
- URL Filtering Administrator (for web security)
- Custom user role (email or web)
  If a user is assigned multiple Class attributes that are mapped to custom user roles, the last class attribute on the list on the RADIUS server will be used.
- Technician
- Operator
- Read-Only Operator
- Help Desk User
- Guest

Setting: Map all externally authenticated users to the Administrator role
Description: AsyncOS assigns RADIUS users to the Administrator role.
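
The following added example (not Cisco code and not part of the original guide) models the "multiple local roles" rules above so that a planned Group Mapping can be checked for the role each RADIUS user would actually receive. The function names, the sample mapping, the treatment of any unlisted role name as a custom user role, and the ignoring of unmapped CLASS attributes are assumptions made for illustration.

```python
# Added example: models the role-resolution rules described in the table above.
# Not AsyncOS code; names, data shapes and custom-role handling are assumptions.

# Built-in roles, least restrictive first, as listed in the guide.
ROLE_ORDER = [
    "Administrator", "Email Administrator", "Web Administrator",
    "Web Policy Administrator", "URL Filtering Administrator",
    "CUSTOM",  # placeholder rank for any custom user role (email or web)
    "Technician", "Operator", "Read-Only Operator", "Help Desk User", "Guest",
]
RANK = {role: i for i, role in enumerate(ROLE_ORDER)}


def class_attr_problems(value):
    """Return the documented CLASS attribute requirements that value violates."""
    problems = []
    if len(value) < 3:
        problems.append("shorter than 3 characters")
    if len(value) > 253:
        problems.append("longer than 253 characters")
    if any(ch in value for ch in ":,\n"):
        problems.append("contains a colon, comma, or newline")
    return problems


def rank(role):
    # Assumption: any role name not in the built-in list is a custom user role.
    return RANK.get(role, RANK["CUSTOM"])


def effective_role(user_classes, group_mapping):
    """Resolve the role for a RADIUS user, or None when access is denied.

    user_classes: CLASS attributes in the order the RADIUS server lists them.
    group_mapping: CLASS attribute -> appliance role (the Group Mapping rows).
    Assumption: CLASS attributes with no mapping row are ignored.
    """
    roles = [group_mapping[c] for c in user_classes if c in group_mapping]
    if not roles:
        return None  # no mapped CLASS attribute: access denied
    worst = max(rank(r) for r in roles)
    # Among equally ranked roles (multiple custom roles), the last one listed wins.
    return [r for r in roles if rank(r) == worst][-1]


# Constructed sample mapping, for illustration only.
MAPPING = {"sma-ops": "Operator", "sma-ro": "Read-Only Operator",
           "sma-admin": "Administrator", "dlp-team": "DLP Reviewers",
           "quarantine-team": "Quarantine Managers"}
```

Running `effective_role` over each user's CLASS list before committing the mapping shows where an extra group membership silently lowers an administrator to a more restrictive role, or where a user with no mapped group would be locked out.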