User Guide for Cisco Secure Access Control System 5.4
Chapter9 Managing Policy E lements
Managing Authorizations and Permissions
Table9-9 Shell Profile: Common Tasks
Option Description
Privilege Level
Default Privilege (Optional) Enables the initial privilege level assignment that you allow for a client, through shell
authorization. If disabled, the setting is not interpreted in authorization and permissions.
The Default Privilege Level specifies the default (initial) privilege level for the shell profile. If you
select Static as the Enable Default Privilege option, you can select the default privilege level; the valid
options are 0 to 15.
If you select Dynamic as the Enable Default Privilege option, you can select attribute from dynamic
ACS dictionary, for a substitute attribute.
Maximum Privilege (Optional) Enables the maximum privilege level assignment for which you allow a client after the
initial shell authorization.
The Maximum Privilege Level specifies the maximum privilege level for the shell profile. If you
select the Enable Change of Privilege Level option, you can select the maximum privilege level; the
valid options are 0 to 15.
If you choose both default and privilege level assignments, the default privilege level assignment must
be equal to or lower than the maximum privilege level assignment.
Shell Attributes
Select Not in Use for the options provided below if you do not want to enable them.
If you select Dynamic, you can substitute the static value of a TACACS+ attribute with a value of another attribute from one
of the listed dynamic dictionaries
Access Control List (Optional) Choose Static to specify the name of the access control list to enable it. The name of the
access control list can be up to 27 characters, and cannot contain the following:
A hyphen (-), left bracket ([), right bracket, (]) forward slash (/), back slash (\), apostrophe (‘), left
angle bracket (<), or right angle bracket (>).
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
Auto Command (Optional) Choose Static and specify the command to enable it.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
No Callback Verify (Optional) Choo se Static to specify whether or not you want callback verification. Valid options are:
True—Specifies that callback verification is not needed.
False—Specifies that callback verification is needed.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
No Escape (Optional) Choose Static to specify whether or not you want escape prevention. Valid options are:
True—Specifies that escape prevention is enabled.
False—Specifies that escape prevention is not enabled.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.
No Hang Up (Optional) Choose Static to specify whether or not you want any hangups. Valid options are:
True—Specifies no hangups are allowed.
False—Specifies that hangups are allowed.
Choose Dynamic to select attribute from dynamic ACS dictionary, for a substitute attribute.