Cisco Systems OL-24201-01

9-30

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

Chapter 9 Managing Policy Elements

Managing Authorizations and Permissions

Step 4 Click Submit.

The command set is saved. The Command Sets page appears with the command set that you created or

duplicated.

Table 9-11 Command Set Properties Page

Field Description

Name Name of the command set.

Description (Optional) The description of the command set.

Permit any

command that is not

in the table below

Check to allow all commands that are requested, unless they are explicitly denied in the Grant table.

Uncheck to allow only commands that are explicitly allowed in the Grant table.

Command Set table Use this section to define commands to include in the authorization profile. As you define each

command, its details appear in the table. To:

•Add a command, fill in the fields below the table and click Add.

•Edit a command, select the appropriate row in the table, and click Edit. The command parameters

appear in the fields below the table. Edit as required, then click Replace.

The order of commands in the Command Set table is important; policy rule table processing depends

on which command and argument are matched first to make a decision on policy result choice. Use the

control buttons at the right of the Command Set table to order your commands.

Grant Choose the permission level of the associated command. Options are:

•Permit—The associated command and arguments are automatically granted.

•Deny—The associated command and arguments are automatically denied.

•Deny Always—The associated command and arguments are always denied.

Command Enter the command name. This field is not case sensitive. You can use the asterisk (*) to represent zero

(0) or more characters in the command name, and you can use the question mark (?) to represent a

single character in a command name.

Examples of valid command name entries:

•SHOW

•sH*

•sho?

•Sh*?

Arguments (field) Enter the argument associated with the command name. This field is not case sensitive.

ACS 5.3 uses standard UNIX-type regular expressions.

Select Command/

Arguments from

Command Set

To add a command from another command set:

1. Choose the command set.

2. Click Select to open a page that lists the available commands and arguments.

3. Choose a command and click OK.