Adding a command authorization set, Adding a – Cisco 3.3 User Manual
Page 185
5-31
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 5 Shared Profile Components
Command Authorization Sets
To permit/deny commands that carry no arguments, you can use absolute
matching to specify the null argument condition. For example, you use permit ^$
to permit a command with no arguments. Alternatively, entering permit
the same effect. Either of these methods can be used, with the Permit Unmatched
Args option unselected, to match and therefore permit or deny commands that
have no argument.
Adding a Command Authorization Set
To add a command authorization set, follow these steps:
Step 1
In the navigation bar, click Shared Profile Components.
The Shared Profile Components page lists the command authorization set types
available. These always include Shell Command Authorization Sets and may
include others, such as command authorization set types that support Cisco
device-management applications.
Step 2
Click one of the listed command authorization set types, as applicable.
The selected Command Authorization Sets table appears.
Step 3
Click Add.
The applicable Command Authorization Set page appears. Depending upon the
type of command authorization set you are adding, the contents of the page vary.
Below the Name and Description boxes, Cisco Secure ACS displays either
additional boxes or an expandable checklist tree. The expandable checklist tree
appears for device command set types that support a Cisco device-management
application.
Step 4
In the Name box, type a name for the command authorization set.
Note
The set name can contain up to 27 characters. Names cannot contain the
following characters:
# ? " * > <
Leading and trailing spaces are not allowed.
Step 5
In the Description box, type a description of the command authorization set.