Cisco 3.3 User Manual

Chapter 5 Shared Profile Components

Command Authorization Sets

5-32

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 6

If Cisco Secure ACS displays an expandable checklist tree below the Name and
Description boxes, use the checklist tree to specify the actions permitted by the
command authorization set. To do so, follow these steps:

a.

To expand a checklist node, click the plus (+) symbol to its left.

b.

To enable an action, select its check box. For example, to enable a Device
View action, select the View check box under the Device checklist node.

Tip

Selecting an expandable check box node selects all check boxes within
that node. Selecting the first check box in the checklist tree selects all
check boxes in the checklist tree.

c.

To enable other actions in this command authorization set, repeat Step a and
Step b, as needed.

Step 7

If Cisco Secure ACS displays additional boxes below the Name and Description
boxes, use the boxes to specify the commands and arguments permitted or denied
by the command authorization set. To do so, follow these steps:

a.

To specify how Cisco Secure ACS should handle unmatched commands,
select either the Permit or Deny option, as applicable.

Note

The default setting is Deny.

b.

In the box just above the Add Command button, type a command that is to be
part of the set.

Caution

Enter the full command word; if you use command abbreviations, authorization
control may not function.

Note

Enter only the command portion of the command/argument string
here. Arguments are added only after the command is listed. For
example, with the command/argument string “show run” you would
type only the command show.