Configuring – Cisco 3.3 User Manual
Page 227
6-37
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Configuring Device-Management Command Authorization for a
User Group
Use this procedure to specify the device-management command authorization set
parameters for a group. Device-management command authorization sets support
the authorization of tasks in Cisco device-management applications that are
configured to use Cisco Secure ACS for authorization. There are three options:
•
None—No authorization is performed for commands issued in the applicable
Cisco device-management application.
•
Assign a device-management application for any network device—For the
applicable device-management application, one command authorization set is
assigned, and it applies to management tasks on all network devices.
•
Assign a device-management application on a per Network Device Group
Basis—For the applicable device-management application, this option
enables you to apply command authorization sets to specific NDGs, so that it
affects all management tasks on the network devices belonging to the NDG.
Note
This feature requires that you have configured a command authorization set for
the applicable Cisco device-management application. For detailed steps, see
Adding a Command Authorization Set, page 5-31
To specify device-management application command authorization for a user
group, follow these steps:
Step 1
In the navigation bar, click Group Setup.
The Group Setup Select page opens.
Step 2
From the Group list, select a group, and then click Edit Settings.
The Group Settings page displays the name of the group at its top.
Step 3
From the Jump To list at the top of the page, choose TACACS+.
The system displays the TACACS+ Settings table section.
Step 4
Use the vertical scrollbar to scroll to the device-management application feature
area, where device-management application is the name of the applicable Cisco
device-management application.