Filter
Top Products
9-27
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 9 Managing Policy Elements
Managing Authorizations and Permissions
Step 3 Click:
• Submit to save your changes and return to the Shell Profiles page.
• The General tab to configure the name and description for the authorization profile; see Defining
General Shell Profile Properties, page 9-25.
• The Custom Attributes tab to configure Custom Attributes for the authorization profile; see
Defining Custom Attributes, page 9-28.
To substitute the static value of a TACACS+ attribute with a value of another attribute from one of the
listed dynamic dictionaries, complete the following steps.
Step 1 Select System Administration > Configuration > Dictionaries > Identity > Internal Users to add
attributes to the Internal Users Dictionary.
Step 2 Select Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
to create a Shell Profile.
Step 3 Select Custom Attributes tab to create a new attribute and choose Dynamic as Attribute Value and
correlate it to created attribute in Internal Users Dictionary.
Step 4 Create a new rule in Access Policies > Access Services > Default Device Admin > Authorization and
choose the Results created as Shell Profile instead.
After authorization you will see the response as dynamic attribute value from Internal ID Store.
Related Topics
• Defining Custom Attributes, page 9-28
• Configuring Shell/Command Authorization Policies for Device Administration, page 10-34
Timeout (Optional) Choose Static to enable and specify, in minutes, the duration of the allowed timeout in the
value field. The valid range is from 0 to 999.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
Idle Time (Optional) Choose Static to enable and specify, in minutes, the duration of the allowed idle time in the
value field. The valid range is from 0 to 999.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
Callback Line (Optional) Choose Static to enable and specify the callback phone line in the value field.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
Callback Rotary (Optional) Choose Static to enable and specify the callback rotary phone line in the value field.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
Table 9-9 Shell Profile: Common Tasks
Option Description