3-16
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 3 ACS 5.x Policy Model
Policy Conditions
You can define simple conditions in rule tables based on attributes in:
• Customizable conditions—You can create custom conditions based on protocol dictionaries and
identity dictionaries that ACS knows about. You define custom conditions in a policy rule page; you
cannot define them as separate condition objects.
• Standard conditions—You can use standard conditions, which are based on attributes that are always
available, such as device IP address, protocol, and username-related fields.
Related Topics
• Policy Terminology, page 3-3
• Policy Results, page 3-16
• Exception Authorization Policy Rules, page 3-12
• Policies and Identity Attributes, page 3-17
Policy Results
Policy rules include result information depending on the type of policy. You define policy results as
independent shared objects; they are not related to user or user group definitions.
For example, the policy elements that define authorization and permission results for authorization
policies include:
• Identity source and failure options as results for identity policies. See Authorization Profiles for
Network Access, page 3-16.
• Identity groups for group mapping. See Group Mapping Policy, page 3-11.
• Authorization Profiles for Network Access, page 3-16.
• Authorization Policy for Device Administration, page 3-11.
• Security groups and security group access control lists (ACLs) for Cisco Security Group Access.
See ACS and Cisco Security Group Access, page 4-23.
For additional policy results, see Managing Authorizations and Permissions, page 9-17.
Related Topics
• Policy Terminology, page 3-3
• Policy Conditions, page 3-16
• Exception Authorization Policy Rules, page 3-12
• Policies and Identity Attributes, page 3-17
Authorization Profiles for Network Access
Authorization profiles define the set of RADIUS attributes that ACS returns to a user after successful
authorization. The access authorization information includes authorization privileges and permissions,
and other information such as downloadable ACLs.
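
The following is an added example, not taken from the Cisco guide and not ACS code. It models how conditions on standard attributes (protocol, device IP address, username) select a shared authorization profile, and how that profile's RADIUS attributes are encoded as type-length-value fields per RFC 2865. The profile names, rule conditions, sample networks and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress
import struct

# RADIUS attribute type codes from RFC 2865.
FILTER_ID, SESSION_TIMEOUT = 11, 27

# Shared result objects (constructed sample profiles): defined once,
# independent of any user or group, and referenced by name from rules.
PROFILES = {
    "EmployeeAccess": {FILTER_ID: "employee-acl", SESSION_TIMEOUT: 28800},
    "GuestAccess": {FILTER_ID: "guest-acl", SESSION_TIMEOUT: 3600},
}

# Rule table (constructed): conditions on attributes -> profile name.
RULES = [
    ({"protocol": "RADIUS", "device_net": "10.1.0.0/16",
      "user_suffix": "@corp.example"}, "EmployeeAccess"),
    ({"protocol": "RADIUS", "device_net": "10.2.0.0/16"}, "GuestAccess"),
]
DEFAULT_RESULT = None  # hypothetical default: no profile, request rejected


def matches(cond, req):
    """True only if every condition present in the rule holds for the request."""
    if "protocol" in cond and req["protocol"] != cond["protocol"]:
        return False
    if "device_net" in cond:
        net = ipaddress.ip_network(cond["device_net"])
        if ipaddress.ip_address(req["device_ip"]) not in net:
            return False
    if "user_suffix" in cond:
        if not req["username"].lower().endswith(cond["user_suffix"]):
            return False
    return True


def select_profile(req):
    """Assumed first-match evaluation; an unmatched request gets the default."""
    for cond, result in RULES:
        if matches(cond, req):
            return result
    return DEFAULT_RESULT


def encode_attributes(profile):
    """Encode a profile as RADIUS TLVs: type, length (incl. 2-byte header), value."""
    out = b""
    for attr_type, value in sorted(profile.items()):
        data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
        if len(data) > 253:
            raise ValueError("RADIUS attribute value exceeds 253 bytes")
        out += bytes([attr_type, len(data) + 2]) + data
    return out
```

Because rules refer to profiles by name, editing one entry in `PROFILES` changes the attributes returned by every rule that references it.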