Setting enable privilege options for a user group – Cisco 3.3 User Manual

6-19

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 6 User Group Management

Configuration-specific User Group Settings

Step 4

In the Token Card Settings table, to cache the token for the entire session, select
Session.

Step 5

Also in the Token Card Settings table, to cache the token for a specified time
period (measured from the time of first authentication), follow these steps:

a.

Select Duration.

b.

Type the duration length in the box.

c.

Select the unit of measure, either Seconds, Minutes or Hours.

Step 6

To save the group settings you have just made, click Submit.

For more information, see

Saving Changes to User Group Settings, page 6-56

.

Step 7

To continue specifying other group settings, perform other procedures in this
chapter, as applicable.

Setting Enable Privilege Options for a User Group

Note

If this section does not appear, click Interface Configuration and then click
TACACS+ (Cisco). At the bottom of the page in the Advanced Configuration
Options table, select the Advanced TACACS+ features check box.

Perform this procedure to configure group-level TACACS+ enable parameters.
The three possible TACACS+ enable options are as follows:

•

No Enable Privilege—(default) Select this option to disallow enable
privileges for this user group.

•

Max Privilege for Any AAA Client—Select this option to select the
maximum privilege level for this user group for any AAA client on which this
group is authorized.

•

Define max Privilege on a per-network device group basis—Select this
option to define maximum privilege levels for an NDG. To use this option,
you create a list of device groups and corresponding maximum privilege
levels. See your AAA client documentation for information about privilege
levels.