beautypg.com

Adding a command authorization set, Adding a – Cisco 3.3 User Manual

Page 185

background image

5-31

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 5 Shared Profile Components

Command Authorization Sets

To permit/deny commands that carry no arguments, you can use absolute
matching to specify the null argument condition. For example, you use permit ^$
to permit a command with no arguments. Alternatively, entering permit has
the same effect. Either of these methods can be used, with the Permit Unmatched
Args
option unselected, to match and therefore permit or deny commands that
have no argument.

Adding a Command Authorization Set

To add a command authorization set, follow these steps:

Step 1

In the navigation bar, click Shared Profile Components.

The Shared Profile Components page lists the command authorization set types
available. These always include Shell Command Authorization Sets and may
include others, such as command authorization set types that support Cisco
device-management applications.

Step 2

Click one of the listed command authorization set types, as applicable.

The selected Command Authorization Sets table appears.

Step 3

Click Add.

The applicable Command Authorization Set page appears. Depending upon the
type of command authorization set you are adding, the contents of the page vary.
Below the Name and Description boxes, Cisco Secure ACS displays either
additional boxes or an expandable checklist tree. The expandable checklist tree
appears for device command set types that support a Cisco device-management
application.

Step 4

In the Name box, type a name for the command authorization set.

Note

The set name can contain up to 27 characters. Names cannot contain the
following characters:
# ? " * > <
Leading and trailing spaces are not allowed.

Step 5

In the Description box, type a description of the command authorization set.