beautypg.com

Configuring – Cisco 3.3 User Manual

Page 227

background image

6-37

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 6 User Group Management

Configuration-specific User Group Settings

Configuring Device-Management Command Authorization for a
User Group

Use this procedure to specify the device-management command authorization set
parameters for a group. Device-management command authorization sets support
the authorization of tasks in Cisco device-management applications that are
configured to use Cisco Secure ACS for authorization. There are three options:

None—No authorization is performed for commands issued in the applicable
Cisco device-management application.

Assign a device-management application for any network device—For the
applicable device-management application, one command authorization set is
assigned, and it applies to management tasks on all network devices.

Assign a device-management application on a per Network Device Group
Basis—For the applicable device-management application, this option
enables you to apply command authorization sets to specific NDGs, so that it
affects all management tasks on the network devices belonging to the NDG.

Note

This feature requires that you have configured a command authorization set for
the applicable Cisco device-management application. For detailed steps, see

Adding a Command Authorization Set, page 5-31

.

To specify device-management application command authorization for a user
group, follow these steps:

Step 1

In the navigation bar, click Group Setup.

The Group Setup Select page opens.

Step 2

From the Group list, select a group, and then click Edit Settings.

The Group Settings page displays the name of the group at its top.

Step 3

From the Jump To list at the top of the page, choose TACACS+.

The system displays the TACACS+ Settings table section.

Step 4

Use the vertical scrollbar to scroll to the device-management application feature
area, where device-management application is the name of the applicable Cisco
device-management application.