Filter
Top Products
Chapter 5 Setting Up and Managing Shared Profile Components
Command Authorization Sets
5-14
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
For information on assigning command authorization sets, see the following
procedures:
• Shell Command Authorization Sets—See either of the following:
–
Configuring a Shell Command Authorization Set for a User Group,
page 6-30
–
Configuring a Shell Command Authorization Set for a User, page 7-26
• PIX Command Authorization Sets—See either of the following:
–
Configuring a PIX Command Authorization Set for a User Group,
page 6-32
–
Configuring a PIX Command Authorization Set for a User, page 7-29
About Pattern Matching
For permit/deny command arguments, Cisco Secure ACS applies pattern
matching. That is, the argument permit foo matches any argument that contains
the string foo. Thus, for example, permit foo would allow not only the argument
foo but also the arguments anyfoo and foobar.
To limit the extent of pattern matching you can add the following expressions:
• dollarsign ($)—Expresses that the argument must end with what has gone
before. Thus permit foo$ would match against foo or anyfoo, but not foobar.
• caret (^)—Expresses that the argument must begin with what follows. Thus
permit ^foo would match against foo or foobar, but not against anyfoo.
You can combine these expressions to specify absolute matching. In the example
given, you would use permit ^foo$ to ensure that only foo was permitted, and not
anyfoo or foobar.
Command Authorization Sets Configuration
This section contains the following procedures:
• Adding a Command Authorization Set, page 5-15
• Editing a Command Authorization Set, page 5-17
• Deleting a Command Authorization Set, page 5-17