Chapter 3 ACS 5.x Policy Model

Overview of the ACS 5.x Policy Model

For example, we use the information described for the group-based model:

If identity-condition, restriction-condition then authorization-profile

In ACS 5.3, you define conditions and results as global, shared objects. You define them once and then reference them when you create rules. ACS 5.3 uses the term policy elements for these shared objects, and they are the building blocks for creating rules.

Table 3-1 shows how the various policy elements define all the information that the old group contained.

Table 3-1 Information in Policy Elements

Information in ACS 4.x Group    Information in ACS 5.3 Policy Element
Identity information            AD group membership and attributes
                                LDAP group membership and attributes
                                ACS internal identity groups and attributes
Other policy conditions         Time and date conditions
                                Custom conditions
Permissions                     Authorization profiles

A policy is a set of rules that ACS 5.x uses to evaluate an access request and return a decision. For example, the set of rules in an:

Authorization policy returns the authorization decision for a given access request.

Identity policy decides how to authenticate and acquire identity attributes for a given access request.

ACS 5.x organizes the sequence of independent policies (a policy workflow) into an access service, which it uses to process an access request. You can create multiple access services to process different kinds of access requests; for example, for device administration or network access. For more information, see Access Services, page 3-6.

You can define simple policies and rule-based policies. Rule-based policies are complex policies that test various conditions. Simple policies apply a single result to all requests without any conditions.
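The following sketch is an added example, not code from the Cisco guide or from ACS itself. It models shared policy elements referenced by name from rules, a rule-based authorization policy, and a simple policy. First-match rule ordering, the default result, and every condition, profile and attribute name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Policy elements: shared objects defined once, referenced by name in rules.
# All names and attribute keys below are constructed for illustration.
CONDITIONS = {
    "ad-group-netadmins": lambda req: "NetAdmins" in req.get("ad_groups", ()),
    "business-hours": lambda req: 8 <= req.get("hour", -1) < 18,
}
AUTHZ_PROFILES = {
    "full-access": {"permit": True, "level": "admin"},
    "read-only": {"permit": True, "level": "monitor"},
    "deny-access": {"permit": False},
}


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple  # names of shared conditions; all must hold
    result: str        # name of a shared authorization profile


@dataclass(frozen=True)
class Policy:
    rules: tuple   # empty tuple = simple policy (no conditions)
    default: str   # result applied when no rule matches

    def validate(self):
        """Reject rules that reference policy elements that do not exist."""
        for rule in self.rules:
            missing = [c for c in rule.conditions if c not in CONDITIONS]
            if missing or rule.result not in AUTHZ_PROFILES:
                raise ValueError(f"rule {rule.name!r}: undefined element")
        if self.default not in AUTHZ_PROFILES:
            raise ValueError("undefined default result")

    def evaluate(self, request):
        """Return (matched rule, profile name); first match wins (assumed)."""
        for rule in self.rules:
            if all(CONDITIONS[c](request) for c in rule.conditions):
                return rule.name, rule.result
        return "default", self.default


AUTHORIZATION = Policy(
    rules=(
        Rule("admins-in-hours", ("ad-group-netadmins", "business-hours"), "full-access"),
        Rule("admins-any-time", ("ad-group-netadmins",), "read-only"),
    ),
    default="deny-access",
)
SIMPLE = Policy(rules=(), default="read-only")
```

Because the more specific rule is listed first, swapping the two rules would give every NetAdmins member read-only access regardless of time, which is why rule order deserves review whenever a rule is added.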

There are various types of policies:

For more information on the different types of policies, see Types of Policies, page 3-5.

For more information about policy model terminology, see Policy Terminology, page 3-3.

Related Topics

Policies and Identity Attributes, page 3-17

Flows for Configuring Services and Policies, page 3-19

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01

 

 
