10-36
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter10 Managing Access Policies
Configuring Access Service Policies
To configure rules, see:
Creating Policy Rules, page 10-38
Duplicating a Rule, page 10-39
Editing Policy Rules, page10-39
Deleting Policy Rules, page10-40
Configuring Authorization Exception Policies
An authorization policy can include exception policies. In ge neral, exceptions are temporary policies;
for example, to grant provisional access to visitors or increase the level of access to specific users. Use
exception policies to react efficiently to changing circumstances and events.
The results from the exception rules always override the standard authorization policy rules.
You create exception policies in a separate rule table from the main authorization policy table. You do
not need to use the same policy conditions in the exception policy as yo u used in the corresponding
standard authorization policy.
To access the exception policy rules page:
Step1 Select Access Policies > Service Selection Policy service > authorization policy, where service is the
name of the access service, and authorization policy is the session authorization or shell/command set
authorization policy.
Step2 In the Rule-Based Policy page, click the Exception Policy link above the rules table.
The Exception Policy table appears with the fields described in Table 10-20: