Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
9-18
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 9 Managing Policy Elements
Managing Authorizations and Permissions
Security groups and security group ACLs for Cisco Security Group Access. See ACS and Cisco
Security Group Access, page 4-23, for information on configuring these policy elements.
These topics describe how to manage authorizations and permissions:
Creating, Duplicating, and Editing Authorization Profiles for Network Access, page 9-18
Creating and Editing Security Groups, page 9-24
Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 9-24
Creating, Duplicating, and Editing Command Sets for Device Administration, page 9-29
Creating, Duplicating, and Editing Downloadable ACLs, page 9-32
Deleting an Authorizations and Permissions Policy Element, page 9-33
Configuring Security Group Access Control Lists, page 9-34
Creating, Duplicating, and Editing Authorization Profiles for Network Access
You create authorization profiles to define how different types of users are authorized to access the
network. For example, you can define that a user attempting to access the network over a VPN
connection is treated more strictly than a user attempting to access the network through a wired
connection.
An authorization profile defines the set of attributes and values that the Access-Accept response returns.
You can specify:
Common data, such as VLAN information, URL for redirect, and more. This information is automatically converted to the raw RADIUS parameter information.
RADIUS authorization parameters—You can select any RADIUS attribute and specify the corresponding value to return.
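The conversion of common data to raw RADIUS parameters, shown for the VLAN case as an added example (not code from this guide or from ACS). It assumes the standard RFC 3580 VLAN attributes and an RFC 2868 tag of 1; the function names and the sample VLAN 120 are constructed for illustration.

```python
# Attribute numbers and values from RFC 2868 / RFC 3580 (VLAN assignment).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def avp(attr_type, value):
    """Encode one attribute: Type (1 byte), Length (1 byte, header included), Value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def vlan_to_raw(vlan, tag=1):
    """Expand a VLAN ID or name into the three tunnel attributes (tag=1 is an assumption)."""
    def tagged(v):  # RFC 2868: 1-byte tag followed by a 24-bit value
        return bytes([tag]) + v.to_bytes(3, "big")
    return (avp(TUNNEL_TYPE, tagged(VLAN))
            + avp(TUNNEL_MEDIUM_TYPE, tagged(IEEE_802))
            + avp(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan).encode()))

def parse_avps(data):
    """Split an attribute blob into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("invalid attribute length")
        out.append((attr_type, data[i + 2:i + length]))
        i += length
    return out

def assigned_vlan(data):
    """Return the VLAN only when all three attributes are present and consistent."""
    attrs = dict(parse_avps(data))
    if (attrs.get(TUNNEL_TYPE, b"")[1:] != VLAN.to_bytes(3, "big")
            or attrs.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != IEEE_802.to_bytes(3, "big")
            or TUNNEL_PRIVATE_GROUP_ID not in attrs):
        return None  # incomplete or inconsistent attribute set
    value = attrs[TUNNEL_PRIVATE_GROUP_ID]
    # A first byte up to 0x1F is treated as an RFC 2868 tag, not as text.
    return (value[1:] if value and value[0] <= 0x1F else value).decode()

if __name__ == "__main__":
    raw = vlan_to_raw(120)  # constructed sample: VLAN 120
    print(raw.hex(), "->", assigned_vlan(raw))
```

Running `assigned_vlan` over the attributes of a captured Access-Accept is a quick way to confirm that a profile returns the complete VLAN attribute set rather than only the group ID.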
You can duplicate an authorization profile to create a new authorization profile that is the same as, or
similar to, an existing authorization profile. After duplication is complete, you access each authorization
profile (original and duplicated) separately to edit or delete it.
After you create authorization profiles, you can use them as results in network access session
authorization policies.
To create, duplicate, or edit an authorization profile:
Step 1 Select Policy Elements > Authorization and Permissions > Network Access > Authorization Profile.
The Authorization Profiles page appears with the fields described in Table 9-3:

Table 9-3 Authorization Profiles Page
Option       Description
Name         List of existing network access authorization definitions.
Description  Display only. The description of the network access authorization definition.

Step 2 Do one of the following:
Click Create.
Check the check box next to the authorization profile that you want to duplicate and click Duplicate.