Adding an authorization policy – H3C Technologies H3C Intelligent Management Center User Manual

   - Enable RSA—Whether RSA authentication is enabled for device login. When RSA authentication is disabled, a device user only needs to enter the TAM password for device login. When RSA authentication is enabled, a device user must append an RSA password directly to the end of the TAM password for login.
   - Access Authorization Info—Each entry in the Access Authorization Info list represents a separate authorization rule, which defines the shell profile and command set that apply to login users under a specific condition.
   - Device Area/Device Type/Time Range—The combination of the three parameters uniquely identifies an authorization condition. A user matches the condition only when the user logs in to a device of the specified device type in the specified device area within the authorized time range. For more information about configuring device areas, see "Managing device areas." For more information about configuring device types, see "Managing device types." For more information about configuring authorized time ranges, see "Configuring authorized time range policies."
   - Shell Profile—Controls the login behaviors for the device user who matches the condition. For more information about shell profiles, see "Shell profile."
   - Authorization Command Set—Set of all commands that the device user who matches the condition is authorized to execute after login. For more information about configuring command sets, see "Command set."
   - Priority—Priority of the authorization rule and its condition. The authorization rules and conditions are listed in descending order of priority. If a user matches multiple conditions, TAM applies the shell profile and command set defined in the condition with the highest priority to the user.

4. To return to the authorization policy list, click Back.
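
The priority rule above decides which shell profile and command set a login receives, so rule order is worth auditing. The following is an added example, not part of the H3C manual or TAM's own code: it resolves the rule a login would get and flags rules that a higher-priority rule makes unreachable. It assumes rules are held in descending priority order and that a time range is a daily window; all rule, area, and profile names are constructed.

```python
from datetime import time
from typing import NamedTuple

class Rule(NamedTuple):
    area: str
    dev_type: str
    start: time          # assumption: a time range is a daily window
    end: time
    shell_profile: str
    command_set: str

def minutes(start, end):
    """Minutes of the day covered by [start, end], wrapping past midnight."""
    s, e = start.hour * 60 + start.minute, end.hour * 60 + end.minute
    if s <= e:
        return set(range(s, e + 1))
    return set(range(s, 1440)) | set(range(0, e + 1))

def resolve(rules, predefined, area, dev_type, at):
    """Rule applied to a login; `rules` is in descending priority order."""
    now = at.hour * 60 + at.minute
    for rule in rules:
        same_target = (rule.area, rule.dev_type) == (area, dev_type)
        if same_target and now in minutes(rule.start, rule.end):
            return rule              # highest-priority match wins
    return predefined                # no user-defined rule matched

def shadowed(rules):
    """Rules fully covered by a higher-priority rule for the same area and type."""
    dead = []
    for i, low in enumerate(rules):
        for high in rules[:i]:
            if ((high.area, high.dev_type) == (low.area, low.dev_type)
                    and minutes(low.start, low.end) <= minutes(high.start, high.end)):
                dead.append(low)
                break
    return dead

# Constructed sample policy, highest priority first.
RULES = [
    Rule("core-dc", "router", time(8, 0), time(18, 0), "admin-shell", "full-config"),
    Rule("core-dc", "router", time(22, 0), time(2, 0), "maint-shell", "full-config"),
    Rule("core-dc", "router", time(9, 0), time(17, 0), "operator-shell", "show-only"),
]
# Constructed stand-in for the predefined (lowest-priority) rule.
PREDEFINED = Rule("any", "any", time(0, 0), time(23, 59), "deny-login", "none")

if __name__ == "__main__":
    print(resolve(RULES, PREDEFINED, "core-dc", "router", time(10, 0)).command_set)
    print([r.shell_profile for r in shadowed(RULES)])
```

In the sample policy the restrictive operator rule is reported as unreachable, because the broader admin rule listed above it covers the same device area, device type, and whole time window.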

Adding an authorization policy

To add an authorization policy:

1. Click the User tab.
2. On the navigation tree, select Device User Policy > Authorization Policies.
   The authorization policy list displays all authorization policies.
3. In the Authorization Policy list area, click Add.
   The Add Authorization Policy page appears.
4. Configure basic information for the authorization policy:
   - Authorization Policy Name—Enter the authorization policy name, which must be unique in TAM.
   - Description—Enter a brief description of the authorization policy for easy maintenance.
   - Enable RSA—Configure RSA authentication for device login. When RSA authentication is disabled, a device user only needs to enter the TAM password for device login. When RSA authentication is enabled, a device user must append an RSA password directly to the end of the TAM password for login. For information about configuring RSA authentication parameters, see "12 Configuring global system settings."
5. Configure the predefined authorization rule for the authorization policy.
   The predefined authorization rule always has the lowest priority and applies to users who match no user-defined authorization rules. With the default setting, the rule prohibits users from logging