About command authorization sets, Command authorization sets description – Cisco 3.3 User Manual

Chapter 5 Shared Profile Components

Command Authorization Sets

5-26

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

About Command Authorization Sets

This section contains the following topics:

•

Command Authorization Sets Description, page 5-26

•

Command Authorization Sets Assignment, page 5-28

•

Case Sensitivity and Command Authorization, page 5-29

•

Arguments and Command Authorization, page 5-29

•

About Pattern Matching, page 5-30

Command Authorization Sets Description

Command authorization sets provide a central mechanism to control the
authorization of each command issued on any given network device. This greatly
enhances the scalability and manageability of setting authorization restrictions. In
Cisco Secure ACS, the default command authorization sets include Shell
Command Authorization Sets and PIX Command Authorization Sets. Cisco
device-management applications, such as Management Center for Firewalls, can
instruct Cisco Secure ACS to support additional command authorization set
types.

Note

PIX Command Authorization Sets require that the TACACS+ command
authorization request identify the service as “pixshell”. Verify that this service has
been implemented in the version of PIX OS your firewalls use; if not, use Shell
Command Authorization Sets to perform command authorization for PIXes.

Tip

As of PIX OS version 6.3, the pixshell service has not been implemented.