Interface design concepts, User-to-group relationship, Per-user or per-group features – Cisco 3.3 User Manual

Chapter 3 Interface Configuration

Interface Design Concepts

3-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

•

Protocol Configuration Options for TACACS+, page 3-7

•

Protocol Configuration Options for RADIUS, page 3-11

Interface Design Concepts

Before you begin to configure the Cisco Secure ACS HTML interface for your
particular configuration, you should understand a few basic precepts of the system
operation. The information in the following sections is necessary for effective
interface configuration.

User-to-Group Relationship

A user can belong to only one group at a time. As long as there are no conflicting
attributes, users inherit group settings.

Note

If a user profile has an attribute configured differently from the same attribute in
the group profile, the user setting always overrides the group setting.

If a user has a unique configuration requirement, you can make that user a part of
a group and set unique requirements on the User Setup page, or you can assign
that user to his or her own group.

Per-User or Per-Group Features

You can configure most features at both group and user levels, with the following
exceptions:

•

User level only—Static IP address, password, and expiration.

•

Group level only—Password aging and time-of-day/day-of-week
restrictions.