16-20
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter16 Managing System Ad ministrators
Working with Administrative Access Control
Configuring Administrator Authorization Rule Properties
Use this page to create, duplicate, and edit the rules to determine administrator roles in the AAC access
service.
Select System Administration > Administrative Access Control > Authorization > Standard Policy,
and click Create, Edit, or Duplicate.
The Administrator Authorization Rule Properties page a ppears as described in Table 16-12.
Table16-11 Administrators Authorization Policy Page
Option Description
Status Rule statuses are:
Enabled—The rule is active.
Disabled—ACS does not apply the results of the rule.
Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count
are written to the log, and the log entry includes an identification that the rule is monitor-only. The
monitor option is especially useful for watching the results of a new rule.
Name Name of the rule.
Conditions Conditions that define the scope of the rule. To change the types of conditions that the rule uses, click the
Customize button. You must have previously defined the conditions that you want to use.
Results Displays the administrator roles that are applied when the corresponding rule is matched.
You can customize rule results; a rule can apply administrator roles. The columns that appear reflect the
customization settings.
Hit Count Number of times that the rule is matched. Click the Hit Count button to refresh and reset this column.
Default Rule ACS applies the Default rule when:
Enabled rules are not matched.
No other rules are defined.
Click the link to edit the Default Rule. You can edit only the results of the Default Rule; you cannot delete,
disable, or duplicate it.
Customize
button
Opens the Customize page in which you choose the types of conditions and results to use in policy rules.
The Conditions and Results columns reflect your customized settings.
Caution If you remove a condition type after defining rules, you will lose any conditions that you
configured for that condition type.
Hit Count button Opens a window that enables you to reset and refresh the Hit Count display in the Policy page. See
Displaying Hit Counts, page10-10.