Cisco Systems OL-24201-01 manual 10-33

Chapter 10 Managing Access Policies

Configuring Access Service Policies

Configuring Device Administration Authorization Rule Properties

Use this page to create, duplicate, and edit the rules to determine authorizations and permissions in a device administration access service.

Select Access Policies > Access Services > service > Authorization, and click Create, Edit, or Duplicate.

The Device Administration Authorization Rule Properties page appears as described in Table 10-18.

Table 10-18 Device Administration Authorization Rule Properties Page

General

•Enabled—The rule is active.

•Disabled—ACS does not apply the results of the rule.

•Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The monitor option is especially useful for watching the results of a new rule.

Conditions

Results

Configuring Device Administration Authorization Exception Policies

You can create a device administration authorization exception policy for a defined authorization policy. Results from the exception rules always override authorization policy rules.

Use this page to:

•View exception rules.

•Delete exception rules.

•Open pages that create, duplicate, edit, and customize exception rules.

Select Access Policies > Access Services > service > Authorization, and click Device Administration Authorization Exception Policy.

The Device Administration Authorization Exception Policy page appears as described in Table 10-19.