Chapter 9 Managing Policy Elements

Managing Authorizations and Permissions

Defining Custom Attributes

Use this tab to define custom attributes for the shell profile. This tab also displays the Common Tasks Attributes that you have chosen in the Common Tasks tab.

Step 1 Edit the fields in the Custom Attributes tab as described in Table 9-10:

Table 9-10 Shell Profile: Custom Attributes Page

Option

Description

 

 

Common Tasks

Displays the names, requirements, and values for the Common Tasks Attributes that you have defined

Attributes

in the Common Tasks tab.

 

 

Manually Entered

Use this section to define custom attributes to include in the authorization profile. As you define each

 

attribute, its name, requirement, and value appear in the table. To:

 

Add a custom attribute, fill in the fields below the table and click Add.

 

Edit a custom attribute, select the appropriate row in the table and click Edit.

 

The custom attribute parameters appear in the fields below the table. Edit as required, then click

 

Replace.

 

 

Attribute

Name of the custom attribute.

 

 

Requirement

Choose whether this custom attribute is Mandatory or Optional.

 

 

Attribute Value

Choose whether the custom attribute is Static or Dynamic.

 

 

Step 2

Click:

Submit to save your changes and return to the Shell Profiles page.

The General tab to configure the name and description for the authorization profile; see Defining General Shell Profile Properties, page 9-25.

The Common Tasks tab to configure the shell profile’s privilege level and attributes for the authorization profile; see Defining Common Tasks, page 9-25.

Related Topics

Defining General Shell Profile Properties, page 9-25

Defining Common Tasks, page 9-25

Creating, Duplicating, and Editing Command Sets for Device Administration

Command sets provide decisions for allowed commands and arguments for device administration. You can specify command sets as results in a device configuration authorization policy. Shell profiles and command sets are combined for authorization purposes, and are enforced for the duration of a user’s session.

You can duplicate a command set if you want to create a new command set that is the same, or similar to, an existing command set. After duplication is complete, you access each command set (original and duplicated) separately to edit or delete them.

 

User Guide for Cisco Secure Access Control System 5.3

9-28

OL-24201-01

Page 258
Image 258
Cisco Systems OL-24201-01 manual Defining Custom Attributes, Replace