User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 16 Managing System Administrators
Working with Administrative Access Control
In cases where Deny Access is selected as the result, the access of the administrator is denied.
In a rule-based policy, each rule contains one or more conditions and a result, which is the identity source
to use for authentication.
The supported conditions are these:
System username
System time and date
Administrator client IP address
An identity policy in the AAC service does not support the identity store sequence as a result. You can
create, duplicate, edit, and delete rules within the identity policy, and you can enable and disable them.
Caution: If you switch between the simple policy and the rule-based policy pages, you will lose your previously
saved policy configuration.
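A minimal model of the rule-based identity policy described above, added here as an illustration and not taken from Cisco's documentation or from ACS itself. Top-down first-match evaluation, the Deny Access fallback when no rule matches, and all rule, store and network names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

DENY_ACCESS = "Deny Access"

@dataclass
class Rule:
    name: str
    result: str                        # one identity source, or DENY_ACCESS
    username: Optional[str] = None     # condition: system username
    hours: Optional[tuple] = None      # condition: (start, end) time-of-day window
    client_net: Optional[str] = None   # condition: administrator client IP (CIDR)
    enabled: bool = True               # rules can be enabled and disabled

    def matches(self, user: str, when: datetime, client_ip: str) -> bool:
        # A condition left as None is not evaluated; all others must hold.
        if self.username is not None and user != self.username:
            return False
        if self.hours is not None and not (self.hours[0] <= when.time() < self.hours[1]):
            return False
        if self.client_net is not None and (
            ipaddress.ip_address(client_ip) not in ipaddress.ip_network(self.client_net)
        ):
            return False
        return True

def validate(rules, sequences):
    """Names of rules whose result is an identity store sequence (unsupported here)."""
    return [r.name for r in rules if r.result in sequences]

def identity_source(rules, user, when, client_ip, default=DENY_ACCESS):
    """First enabled matching rule wins (assumed ordering); otherwise the default."""
    for rule in rules:
        if rule.enabled and rule.matches(user, when, client_ip):
            return rule.result
    return default

# Constructed sample policy: store names, usernames and addresses are illustrative.
RULES = [
    Rule("ops-from-mgmt-net", "AD1", hours=(time(8), time(18)), client_net="10.0.5.0/24"),
    Rule("break-glass", "Internal Administrators", username="emergency-admin"),
    Rule("bad-result", "Admin-Sequence", client_net="192.0.2.0/24", enabled=False),
]
SEQUENCES = {"Admin-Sequence"}
```

Running `validate(RULES, SEQUENCES)` before saving a policy of this shape flags the rule whose result is an identity store sequence, which the rule-based identity policy does not accept.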
To configure a simple identity policy, complete the following steps:
Step 1 Select System Administration > Administrative Access Control > Identity.
By default, the Simple Identity Policy page appears with the fields as described in Table 16-8.
Step 2 Select an identity source for authentication, or choose Deny Access.
Step 3 Click Save Changes to save the policy.
Viewing Rule-Based Identity Policies
Select System Administration > Administrative Access Control > Identity.
By default, the Simple Identity Policy page appears with the fields as described in Table 16-8. If it is
configured, the Rule-Based Identity Policy page appears with the fields as described in Table 16-9.
Table 16-8 Simple Identity Policy Page

| Option | Description |
| --- | --- |
| Policy type | Defines the type of policy to configure: Simple—Specifies the result to apply to all requests. Rule-based—Configures rules to apply different results, depending on the request. If you switch between policy types, you will lose your previously saved policy configuration. |
| Identity Source | Identity source to apply to all requests. The default is Deny Access. For password-based authentication, choose a single identity store or an identity store sequence. |