Chapter 10 Managing Access Policies

Configuring Access Service Policies

To configure rules, see:

Creating Policy Rules, page 10-37

Duplicating a Rule, page 10-38

Editing Policy Rules, page 10-38

Deleting Policy Rules, page 10-39

Configuring Authorization Exception Policies

An authorization policy can include exception policies. In general, exceptions are temporary policies; for example, to grant provisional access to visitors or increase the level of access to specific users. Use exception policies to react efficiently to changing circumstances and events.

The results from the exception rules always override the standard authorization policy rules.

You create exception policies in a separate rule table from the main authorization policy table. You do not need to use the same policy conditions in the exception policy as you used in the corresponding standard authorization policy.

To access the exception policy rules page:

Step 1 Select Access Policies > Service Selection Policy service > authorization policy, where service is the name of the access service, and authorization policy is the session authorization or shell/command set authorization policy.

Step 2 In the Rule-Based Policy page, click the Exception Policy link above the rules table.

The Exception Policy table appears with the fields described in Table 10-20:

 

 

User Guide for Cisco Secure Access Control System 5.3

 

 

 

 

 

 

OL-24201-01

 

 

10-35

 

 

 

 

 

Page 299
Image 299
Cisco Systems OL-24201-01 manual Configuring Authorization Exception Policies, 10-35