Filter
Top Products
CHAPTER
5-1
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
5
Setting Up and Managing Shared
Profile Components
The Shared Profile Components section enables administrators to develop and
name reusable, shared sets of authorization components which may be applied to
one or more users or groups of users and referenced by name within their profiles.
These comprise network access restrictions (NARs), command authorization sets,
and downloadable PIX ACLs.
The Shared Profile Components section of Cisco Secure Access Control Server
for Windows NT/2000 Servers Version 3.0 (Cisco Secure ACS) addresses the
scalability of selective authorization. Shared profile components can be
configured once and then applied to many users or groups. Without this ability,
flexible and comprehensive authorization could only be accomplished by
explicitly configuring the authorization of each user group for each possible
command on each possible device. The creation and application of these named
shared profile components (access restrictions, command sets, and ACLs) make
it unnecessary to repeatedly enter long lists of devices or commands when
defining network access parameters.
Shared profile components also provide the means for one device to issue a
command on behalf of another device or devices. Their scalability extends to the
following capabilities:
• A means to determine the list of commands a user could issue against one or
more devices in the network
• A means to determine the list of devices on which a particular user may
execute a particular command.