Chapter 9 Managing Policy Elements

Managing Authorizations and Permissions

Table 9-9 Shell Profile: Common Tasks

Option | Description

Privilege Level

Default Privilege

(Optional) Enables the initial privilege level assignment that you allow for a client, through shell authorization. If disabled, the setting is not interpreted in authorization and permissions.

The Default Privilege Level specifies the default (initial) privilege level for the shell profile. If you select Static as the Enable Default Privilege option, you can select the default privilege level; the valid options are 0 to 15.

If you select Dynamic as the Enable Default Privilege option, you can select an attribute from a dynamic ACS dictionary as a substitute attribute.

 

 

Maximum Privilege

(Optional) Enables the maximum privilege level assignment for which you allow a client after the initial shell authorization.

The Maximum Privilege Level specifies the maximum privilege level for the shell profile. If you select the Enable Change of Privilege Level option, you can select the maximum privilege level; the valid options are 0 to 15.

If you choose both default and maximum privilege level assignments, the default privilege level assignment must be equal to or lower than the maximum privilege level assignment.

 

 

Shell Attributes

Select Not in Use for the options provided below if you do not want to enable them.

If you select Dynamic, you can substitute the static value of a TACACS+ attribute with the value of another attribute from one of the listed dynamic dictionaries.

Access Control List

(Optional) Choose Static to specify the name of the access control list to enable it. The name of the access control list can be up to 27 characters, and cannot contain the following:

A hyphen (-), left bracket ([), right bracket (]), forward slash (/), back slash (\), apostrophe ('), left angle bracket (<), or right angle bracket (>).

Choose Dynamic to select an attribute from a dynamic ACS dictionary as a substitute attribute.

 

 

Auto Command

(Optional) Choose Static and specify the command to enable it.

Choose Dynamic to select an attribute from a dynamic ACS dictionary as a substitute attribute.

 

 

No Callback Verify

(Optional) Choose Static to specify whether or not you want callback verification. Valid options are:

True—Specifies that callback verification is not needed.

False—Specifies that callback verification is needed.

Choose Dynamic to select an attribute from a dynamic ACS dictionary as a substitute attribute.

 

 

No Escape

(Optional) Choose Static to specify whether or not you want escape prevention. Valid options are:

True—Specifies that escape prevention is enabled.

False—Specifies that escape prevention is not enabled.

Choose Dynamic to select an attribute from a dynamic ACS dictionary as a substitute attribute.

 

 

No Hang Up

(Optional) Choose Static to specify whether or not you want any hangups. Valid options are:

True—Specifies no hangups are allowed.

False—Specifies that hangups are allowed.

Choose Dynamic to select an attribute from a dynamic ACS dictionary as a substitute attribute.
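
The limits in Table 9-9 (privilege levels 0 to 15, default not above maximum, ACL name length and excluded characters, True/False attributes) can be checked when shell profiles are kept as data and reviewed before entry. The following Python linter is an added example, not part of the Cisco guide or of ACS; the dictionary keys and the (mode, value) layout are assumptions made for illustration.

```python
# Added example: lint shell profile settings against the limits in Table 9-9.
# Key names and the (mode, value) layout are hypothetical, not an ACS export format.
FORBIDDEN_ACL_CHARS = set("-[]/\\'<>")  # characters the table excludes from ACL names
MAX_ACL_NAME_LEN = 27
BOOLEAN_ATTRS = ("no_callback_verify", "no_escape", "no_hang_up")


def static_value(profile, key):
    """Return a setting's static value, or None when it is unset or Dynamic."""
    mode, value = profile.get(key, ("not_in_use", None))
    return value if mode == "static" else None


def lint_shell_profile(profile):
    """Return a list of findings; an empty list means the profile is consistent."""
    findings, levels = [], {}
    for key in ("default_privilege", "maximum_privilege"):
        mode, value = profile.get(key, ("not_in_use", None))
        if mode == "dynamic":
            findings.append(f"{key}: dynamic, cannot be checked statically")
        elif mode == "static":
            if type(value) is int and 0 <= value <= 15:
                levels[key] = value
            else:
                findings.append(f"{key}: {value!r} is outside 0 to 15")
    if len(levels) == 2 and levels["default_privilege"] > levels["maximum_privilege"]:
        findings.append("default_privilege is higher than maximum_privilege")

    acl = static_value(profile, "access_control_list")
    if acl is not None:
        if len(acl) > MAX_ACL_NAME_LEN:
            findings.append(f"access_control_list: {len(acl)} characters, limit is 27")
        bad = sorted(FORBIDDEN_ACL_CHARS & set(acl))
        if bad:
            findings.append(f"access_control_list: forbidden characters {bad}")

    for key in BOOLEAN_ATTRS:
        value = static_value(profile, key)
        if value is not None and not isinstance(value, bool):
            findings.append(f"{key}: {value!r} is not True or False")
    return findings


# Constructed sample profiles, not taken from a real deployment.
HELPDESK = {"default_privilege": ("static", 1), "maximum_privilege": ("static", 7),
            "access_control_list": ("static", "helpdesk_vty"), "no_escape": ("static", True)}
BROKEN = {"default_privilege": ("static", 15), "maximum_privilege": ("static", 7),
          "access_control_list": ("static", "ops-vty/in")}

if __name__ == "__main__":
    for name, p in (("HELPDESK", HELPDESK), ("BROKEN", BROKEN)):
        print(name, lint_shell_profile(p) or "clean")
```

A Dynamic privilege setting is reported rather than passed, because the default-versus-maximum comparison cannot be made until the substitute attribute has a value.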

 

 

 

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
