Cisco Systems OL-24201-01 manual

Chapter 9 Managing Policy Elements

Managing Authorizations and Permissions

After you create command sets, you can use them in authorizations and permissions within rule tables. A rule can contain multiple command sets. See Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 9-23.

Note Command sets support TACACS+ protocol attributes only.

To create, duplicate, or edit a new command set:

Step 1 Select Policy Elements > Authorization and Permissions > Device Administration > Command Sets.

The Command Sets page appears.

Step 2 Do one of the following:

•Click Create.

The Command Set Properties page appears.

•Check the check box next to the command set that you want to duplicate and click Duplicate. The Command Set Properties page appears.

•Click the name that you want to modify; or, check the check box next to the name that you want to modify and click Edit.

The Command Set Properties page appears.

•Click File Operations to perform any of the following functions:

–Add—Choose this option to add command sets from the import file to ACS.

–Update—Choose this option to replace the list of command sets in ACS with the list of command sets in the import file.

–Delete—Choose this option to delete the command sets listed in the import file from ACS.

See Performing Bulk Operations for Network Resources and Users, page 7-8for a detailed description of the bulk operations.

•Click Export to export the command sets from ACS to your local hard disk.

A dialog box appears, prompting you to enter an encryption password to securely export the command sets:

a.Check the Password check box and enter the password to encrypt the file during the export process, then click Start Export.

b.Click Start Export to export the command sets without any encryption.

Step 3 Enter valid configuration data in the required fields.

As a minimum configuration, you must enter a unique name for the command set; all other fields are optional. You can define commands and arguments; you can also add commands and arguments from other command sets.

See Table 9-11for a description of the fields in the Command Set Properties page.