Filter
Top Products
3-20
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 3 ACS 5.x Policy Model
Flows for Configuring Services and Policies
• Added users to the internal ACS identity store or add external identity stores. See Creating Internal
Users, page 8-11, Managing Identity Attributes, page 8-7, or Creating External LDAP Identity
Stores, page 8-26.
Table 3-8 Steps to Configure Services and Policies
Step Action Drawer in Web Interface
Step 1
Define policy results:
• Authorizations and permissions for device administration—Shell
profiles or command sets.
• Authorizations and permissions for network access—Authorization
profile.
See:
• Creating, Duplicating, and Editing a Shell Profile for Device
Administration, page 9-23
• Creating, Duplicating, and Editing Command Sets for Device
Administration, page 9-28
• Creating, Duplicating, and Editing Authorization Profiles for Network
Access, page 9-18
Policy Elements
Step 2
(Optional) Define custom conditions to policy rules. You can complete this
step before defining policy rules in Step 6, or you can define custom
conditions while in the process of creating a rule. SeeCreating, Duplicating,
and Editing a Custom Session Condition, page 9-5.
—
Step 3
Create Access Services—Define only the structure and allowed protocols;
you do not need to define the policies yet. See Creating, Duplicating, and
Editing Access Services, page 10-12.
Access Policies
Step 4
Add rules to Service Selection Policy to determine which access service to
use for requests. See:
• Customizing a Policy, page 10-4
• Creating, Duplicating, and Editing Service Selection Rules, page 10-8
Access Policies
Step 5
Define identity policy. Select the identity store or sequence you want to use
to authenticate requests and obtain identity attributes. See Managing Users
and Identity Stores.
Users and Identity Stores
Step 6
Create authorization rules:
• Device administration—Shell/command authorization policy.
• Network access—Session authorization policy.
See:
• Customizing a Policy, page 10-4
• Configuring Access Service Policies, page 10-21
Access Policies