Cisco Systems OL-24201-01 Camera Accessories User Manual

Open as PDF

of 650

10-21

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Chapter 10 Managing Access Policies

Configuring Access Service Policies

You configure access service policies after you create the access service:

• Viewing Identity Policies, page 10-21

• Configuring Identity Policy Rule Properties, page 10-24

• Configuring a Group Mapping Policy, page 10-26

• Configuring a Session Authorization Policy for Network Access, page 10-29

• Configuring Shell/Command Authorization Policies for Device Administration, page 10-34

You can configure simple policies to apply to the same result to all incoming requests; or, you can create

rule-based policies.

Note If you create and save a simple policy, and then change to a rule-based policy, the simple policy becomes

the default rule of the rule-based policy. If you have saved a rule-based policy and then change to a

simple policy, you will lose all your rules except for the default rule. ACS automatically uses the default

rule as the simple policy.

Before you begin to configure policy rules, you must:

• Configure the policy conditions and results. See Managing Policy Conditions, page 9-1.

• Select the types of conditions and results that the policy rules apply. See Customizing a Policy,

page 10-4.

For information about configuring policy rules, see:

• Creating Policy Rules, page 10-37

• Duplicating a Rule, page 10-38

• Editing Policy Rules, page 10-38

• Deleting Policy Rules, page 10-39

Viewing Identity Policies

The identity policy in an access service defines the identity source that ACS uses for authentication and

attribute retrieval. ACS can use the retrieved attributes in subsequent policies.

The identity source for:

• Password-based authentication can be a single identity store, or an identity store sequence.

• Certificate-based authentication can be a certificate authentication profile, or an identity store

sequence.

An identity store sequence defines the sequence that is used for authentication and an optional additional

sequence to retrieve attributes. See Configuring Identity Store Sequences, page 8-74.

If you created an access service that includes an identity policy, you can configure and modify this

policy. You can configure a simple policy, which applies the same identity source for authentication of

all requests; or, you can configure a rule-based identity policy.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems OL-24201-01 Camera Accessories User Manual