Cisco 3.3 User Manual
Page 277
7-31
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 7 User Management
Advanced User Authentication Settings
•
Assign a device-management application for any network device—For the
applicable device-management application, one command authorization set is
assigned, and it applies to management tasks on all network devices.
•
Assign a device-management application on a per Network Device Group
Basis—For the applicable device-management application, this option
enables you to apply command authorization sets to specific NDGs, so that it
affects all management tasks on the network devices belonging to the NDG.
Before You Begin
•
Make sure that a AAA client is configured to use TACACS+ as the security
control protocol.
•
In the Advanced Options section of Interface Configuration, make sure that
the Per-user TACACS+/RADIUS Attributes check box is selected.
•
In the TACACS+ (Cisco) section of Interface Configuration, make sure that,
under New Services, the new TACACS+ service corresponding to the
applicable device-management application is selected in the User column.
•
If you want to apply command authorization sets, make sure that you have
configured one or more device management command authorization sets. For
detailed steps, see
Adding a Command Authorization Set, page 5-31
To specify device-management application command authorization for a user,
follow these steps:
Step 1
Perform Step 1 through Step 3 of
Adding a Basic User Account, page 7-4
The User Setup Edit page opens. The username being added or edited is at the top
of the page.
Step 2
Scroll down to the TACACS+ Settings table and to the applicable
device-management command authorization feature area within it.
Step 3
To prevent the application of any command authorization for actions performed
in the applicable device-management application, select (or accept the default of)
the None option.
Step 4
To assign command authorization for the applicable device-management
application at the group level, select the As Group option.