Cisco 3.3 User Manual
Page 223
6-33
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Configuring a Shell Command Authorization Set for a User Group
Use this procedure to specify the shell command authorization set parameters for
a group. There are four options:
•
None—No authorization for shell commands.
•
Assign a Shell Command Authorization Set for any network device—One
shell command authorization set is assigned, and it applies to all network
devices.
•
Assign a Shell Command Authorization Set on a per Network Device
Group Basis—Enables you to associate particular shell command
authorization sets to be effective on particular NDGs.
•
Per Group Command Authorization—Enables you to permit or deny
specific Cisco IOS commands and arguments at the group level.
Note
This feature requires that you have previously configured a shell command
authorization set. For detailed steps, see
Adding a Command Authorization Set,
To specify shell command authorization set parameters for a user group, follow
these steps:
Step 1
In the navigation bar, click Group Setup.
The Group Setup Select page opens.
Step 2
From the Group list, select a group, and then click Edit Settings.
The Group Settings page displays the name of the group at its top.
Step 3
From the Jump To list at the top of the page, choose TACACS+.
The system displays the TACACS+ Settings table section.
Step 4
Use the vertical scrollbar to scroll to the Shell Command Authorization Set
feature area.
Step 5
To prevent the application of any shell command authorization set, select (or
accept the default of) the None option.