10-38
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 10 Managing Access Policies
Configuring Access Service Policies
Creating Policy Rules
When you create rules, remember that the order of the rules is important. When ACS encounters a match
as it processes the request of a client that tries to access the ACS network, all further processing stops
and the associated result of that match is found. No further rules are considered after a match is found.
The Default Rule provides a default policy in cases where no rules are matched or defined. You can edit
the result of a default rule.
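The first-match processing described above, as an added Python sketch (not ACS code and not from the Cisco guide): it returns the result of the first matching rule or the Default Rule, and flags rules that can never match because an earlier, broader rule shadows them. The rule names, attributes and results are constructed, and treating an unlisted attribute as a wildcard is an assumption of this sketch.

```python
# Added illustration: a hypothetical model of first-match rule processing.
# Each rule is (name, conditions, result); conditions maps attribute -> value.
# Assumption: an attribute not listed in a rule's conditions matches any value.
Rule = tuple[str, dict[str, str], str]

def matches(conditions: dict[str, str], request: dict[str, str]) -> bool:
    """True when every condition in the rule equals the request's attribute."""
    return all(request.get(attr) == value for attr, value in conditions.items())

def evaluate(rules: list[Rule], default_result: str, request: dict[str, str]):
    """Return (rule name, result) for the first match; later rules are never read."""
    for name, conditions, result in rules:
        if matches(conditions, request):
            return name, result
    return "Default", default_result

def shadowed_rules(rules: list[Rule]) -> list[tuple[str, str]]:
    """Return (shadowed, shadowing) pairs: a rule is unreachable when an earlier
    rule's conditions are a subset of its own, so the earlier rule always wins."""
    pairs = []
    for i, (later, later_cond, _) in enumerate(rules):
        for earlier, earlier_cond, _ in rules[:i]:
            if earlier_cond.items() <= later_cond.items():
                pairs.append((later, earlier))
                break
    return pairs

# Constructed sample policy: Rule-2 is meant to restrict lab switches, but the
# broader Rule-1 above it matches the same requests first.
RULES: list[Rule] = [
    ("Rule-1", {"group": "Employees"}, "PermitAccess"),
    ("Rule-2", {"group": "Employees", "device_type": "Lab-Switch"}, "DenyAccess"),
    ("Rule-3", {"group": "Contractors"}, "LimitedAccess"),
]
DEFAULT_RESULT = "DenyAccess"
# Same rules with the specific rule moved above the broad one.
REORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    lab_request = {"group": "Employees", "device_type": "Lab-Switch"}
    print("as configured:", evaluate(RULES, DEFAULT_RESULT, lab_request))
    print("unreachable rules:", shadowed_rules(RULES))
    print("after reordering:", evaluate(REORDERED, DEFAULT_RESULT, lab_request))
    print("no rule matches:", evaluate(RULES, DEFAULT_RESULT, {"group": "Guests"}))
```

Running the same subset check over an exported rule list before saving changes shows which rules are dead weight and which restrictive rules are being bypassed by ordering.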
Before You Begin
Configure the policy conditions and results. See Managing Policy Conditions, page 9-1.
Select the types of conditions and results that the policy rules apply. See Customizing a Policy,
page 10-4.
To create a new policy rule:
Step 1 Select Access Policies > Service Selection Policy service > policy, where service is the name of the
access service, and policy is the type of policy. If you:
Previously created a rule-based policy, the Rule-Based Policy page appears, with a list of configured
rules.
Have not created a rule-based policy, the Simple Policy page appears. Click Rule-Based.
Step 2 In the Rule-Based Policy page, click Create.
The Rule page appears.
Step 3 Define the rule.
Step 4 Click OK.
The Policy page appears with the new rule.
Step 5 Click Save Changes to save the new rule.
To configure a simple policy to use the same result for all requests that an access service processes, see:
Viewing Identity Policies, page 10-22
Configuring a Group Mapping Policy, page 10-27
Configuring a Session Authorization Policy for Network Access, page 10-30
Configuring Shell/Command Authorization Policies for Device Administration, page 10-35
Related Topics
Duplicating a Rule, page 10-39
Editing Policy Rules, page 10-39
Deleting Policy Rules, page 10-40