Filter
Top Products
CHAPTER
10-1
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
10
Managing Access Policies
In ACS 5.3, policy drives all activities. Policies consist mainly of rules that determine the action of the
policy. You create access services to define authentication and authorization policies for requests. A
global service selection policy contains rules that determine which access service processes an incoming
request.
For a basic workflow for configuring policies and all their elements, see Flows for Configuring Services
and Policies, page 3-19. In general, before you can configure policy rules, you must configure all the
elements that you will need, such as identities, conditions, and authorizations and permissions.
For information about:
• Managing identities, see Chapter 8, “Managing Users and Identity Stores.”
• Configuring conditions, see Managing Policy Elements, page 9-1.
• Configuring authorizations and permissions, see Configuring System Operations, page 17-1.
This section contains the following topics:
• Policy Creation Flow, page 10-1
• Customizing a Policy, page 10-4
• Configuring the Service Selection Policy, page 10-5
• Configuring Access Services, page 10-11
• Configuring Access Service Policies, page 10-21
• Configuring Compound Conditions, page 10-40
• Security Group Access Control Pages, page 10-45
• Maximum User Sessions, page 10-50
For information about creating Egress and NDAC policies for Cisco Security Group Access, see
Configuring an NDAC Policy, page 4-25.
Policy Creation Flow
Policy creation depends on your network configuration and the degree of refinement that you want to
bring to individual policies. The endpoint of policy creation is the access service that runs as the result
of the service selection policy. Each policy is rule driven.