Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
3-16
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 3 ACS 5.x Policy Model
Authorization Profiles for Network Access
Policy Conditions
You can define simple conditions in rule tables based on attributes in:
• Customizable conditions—You can create custom conditions based on protocol dictionaries and identity dictionaries that ACS knows about. You define custom conditions in a policy rule page; you cannot define them as separate condition objects.
• Standard conditions—You can use standard conditions, which are based on attributes that are always available, such as device IP address, protocol, and username-related fields.
Related Topics
• Policy Terminology, page 3-3
• Policy Results, page 3-16
• Exception Authorization Policy Rules, page 3-12
• Policies and Identity Attributes, page 3-17
Policy Results
Policy rules include result information depending on the type of policy. You define policy results as
independent shared objects; they are not related to user or user group definitions.
For example, the policy elements that define authorization and permission results for authorization policies include:
• Identity source and failure options as results for identity policies. See Authorization Profiles for Network Access, page 3-16.
• Identity groups for group mapping. See Group Mapping Policy, page 3-11.
• Authorization Profiles for Network Access, page 3-16.
• Authorization Policy for Device Administration, page 3-11.
• Security groups and security group access control lists (ACLs) for Cisco Security Group Access. See ACS and Cisco Security Group Access, page 4-23.
For additional policy results, see Managing Authorizations and Permissions, page 9-17.
Related Topics
• Policy Terminology, page 3-3
• Policy Conditions, page 3-16
• Exception Authorization Policy Rules, page 3-12
• Policies and Identity Attributes, page 3-17
Authorization Profiles for Network Access
Authorization profiles define the set of RADIUS attributes that ACS returns to a user after successful
authorization. The access authorization information includes authorization privileges and permissions,
and other information such as downloadable ACLs.
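
As an added illustration (not taken from the Cisco guide and not ACS code), the following Python example shows how a set of RADIUS attributes of the kind an authorization profile defines is laid out on the wire as Type-Length-Value attributes in an Access-Accept, and how to decode it again to audit what a profile grants. The VLAN profile and its values are constructed for the example; the attribute numbers are the standard ones from RFC 2865 and RFC 2868.

```python
import struct

# Attribute numbers from RFC 2865 and RFC 2868 (standard RADIUS, not ACS-specific).
SESSION_TIMEOUT, TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 27, 64, 65, 81
INTEGER_ATTRS = {SESSION_TIMEOUT, TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE}

# Constructed profile: place the session on VLAN "120" with a one-hour timeout.
# The tagged tunnel attributes are sent with tag 0, so they pack as plain 32-bit integers.
SAMPLE_PROFILE = [
    (TUNNEL_TYPE, 13),                 # 13 = VLAN
    (TUNNEL_MEDIUM_TYPE, 6),           # 6 = IEEE 802
    (TUNNEL_PRIVATE_GROUP_ID, "120"),  # first byte > 0x1F, so no tag byte is present
    (SESSION_TIMEOUT, 3600),
]

def encode_profile(profile):
    """Serialize (type, value) pairs as Type, Length, Value attributes."""
    out = bytearray()
    for attr_type, value in profile:
        data = struct.pack("!I", value) if attr_type in INTEGER_ATTRS else value.encode("utf-8")
        if not 1 <= len(data) <= 253:  # Length is one byte and counts the 2-byte header
            raise ValueError(f"attribute {attr_type}: value must be 1-253 bytes")
        out += bytes([attr_type, len(data) + 2]) + data
    return bytes(out)

def decode_profile(blob):
    """Parse an attribute block back into (type, value) pairs, rejecting bad lengths."""
    attrs, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = blob[pos], blob[pos + 1]
        if length < 3 or pos + length > len(blob):
            raise ValueError(f"attribute {attr_type}: invalid length {length}")
        data = blob[pos + 2:pos + length]
        if attr_type in INTEGER_ATTRS:
            if len(data) != 4:
                raise ValueError(f"attribute {attr_type}: integer must be 4 bytes")
            attrs.append((attr_type, struct.unpack("!I", data)[0]))
        else:
            attrs.append((attr_type, data.decode("utf-8")))
        pos += length
    return attrs

if __name__ == "__main__":
    wire = encode_profile(SAMPLE_PROFILE)
    print(wire.hex())
    print(decode_profile(wire))
```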