Chapter 3 ACS 5.x Policy Model

Flows for Configuring Services and Policies

Add users to the internal ACS identity store or add external identity stores. See Creating Internal Users, page 8-11, Managing Identity Attributes, page 8-7, or Creating External LDAP Identity Stores, page 8-26.

Table 3-8 Steps to Configure Services and Policies

Columns: Step | Action | Drawer in Web Interface

Step 1
  Action: Define policy results:
    - Authorizations and permissions for device administration—Shell profiles or command sets.
    - Authorizations and permissions for network access—Authorization profile.
    See:
    - Creating, Duplicating, and Editing a Shell Profile for Device Administration, page 9-23
    - Creating, Duplicating, and Editing Command Sets for Device Administration, page 9-28
    - Creating, Duplicating, and Editing Authorization Profiles for Network Access, page 9-18
  Drawer in Web Interface: Policy Elements

Step 2
  Action: (Optional) Define custom conditions to policy rules. You can complete this step before defining policy rules in Step 6, or you can define custom conditions while in the process of creating a rule. See Creating, Duplicating, and Editing a Custom Session Condition, page 9-5.

Step 3
  Action: Create Access Services—Define only the structure and allowed protocols; you do not need to define the policies yet. See Creating, Duplicating, and Editing Access Services, page 10-12.
  Drawer in Web Interface: Access Policies

Step 4
  Action: Add rules to Service Selection Policy to determine which access service to use for requests. See:
    - Customizing a Policy, page 10-4
    - Creating, Duplicating, and Editing Service Selection Rules, page 10-8
  Drawer in Web Interface: Access Policies

Step 5
  Action: Define identity policy. Select the identity store or sequence you want to use to authenticate requests and obtain identity attributes. See Managing Users and Identity Stores.
  Drawer in Web Interface: Users and Identity Stores

Step 6
  Action: Create authorization rules:
    - Device administration—Shell/command authorization policy.
    - Network access—Session authorization policy.
    See:
    - Customizing a Policy, page 10-4
    - Configuring Access Service Policies, page 10-21
  Drawer in Web Interface: Access Policies
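The six steps above describe a pipeline: a service selection policy picks an access service, that service's identity policy picks the store used to authenticate and fetch identity attributes, and its authorization policy maps those attributes to a result (shell profile, command set, or authorization profile). The following Python model is an added illustration of that flow; it is not Cisco ACS code and does not use any ACS API. All access service, identity store, user, group, and result names (Device Admin, Network Access, Internal Users, FullAccess, ReadOnly, Permit_Access, the device groups, and the sample users) are constructed for the example, and first-match rule evaluation is an assumption made for the model.

```python
"""Added illustrative model of the ACS 5.x policy flow (not Cisco code).

Steps mirrored from Table 3-8: policy results (1), custom conditions (2),
access services with allowed protocols (3), service selection rules (4),
identity policy (5), authorization rules (6). All names and data are
constructed for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Request = Dict[str, str]


@dataclass
class Rule:
    """A condition over request/identity attributes mapped to a named result."""
    name: str
    condition: Callable[[Request], bool]
    result: str


@dataclass
class Policy:
    """Ordered rule table: first matching rule wins, else the default (assumed)."""
    rules: List[Rule]
    default: Optional[str] = None

    def evaluate(self, req: Request) -> Optional[str]:
        for rule in self.rules:
            if rule.condition(req):
                return rule.result
        return self.default


def sha(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class IdentityStore:
    """Constructed internal store: username -> {pw_sha256, group}."""
    name: str
    users: Dict[str, Dict[str, str]]

    def authenticate(self, user: str, password: str) -> Optional[Dict[str, str]]:
        record = self.users.get(user)
        if record is None or not hmac.compare_digest(sha(password), record["pw_sha256"]):
            return None
        return {"group": record["group"]}  # identity attributes consumed in Step 6


@dataclass
class AccessService:
    """Step 3: structure and allowed protocols; Steps 5 and 6 attach the policies."""
    name: str
    allowed_protocols: Set[str]
    identity_policy: Policy       # result = identity store name
    authorization_policy: Policy  # result = shell profile / command set / authz profile


# Step 1 results are referenced by name: FullAccess / ReadOnly (shell profiles),
# Permit_Access (authorization profile). Constructed users and groups.
INTERNAL = IdentityStore("Internal Users", {
    "alice": {"pw_sha256": sha("alice-pass"), "group": "netadmin"},
    "bob":   {"pw_sha256": sha("bob-pass"),   "group": "employees"},
})
STORES = {INTERNAL.name: INTERNAL}

DEVICE_ADMIN = AccessService(
    "Device Admin", {"TACACS+"},
    Policy([], default="Internal Users"),
    Policy([
        Rule("admins",   lambda r: r.get("group") == "netadmin", "FullAccess"),
        Rule("helpdesk", lambda r: r.get("group") == "helpdesk", "ReadOnly"),
    ]),  # no default: an unmatched request is denied
)
NETWORK_ACCESS = AccessService(
    "Network Access", {"RADIUS"},
    Policy([], default="Internal Users"),
    Policy([Rule("staff", lambda r: r.get("group") == "employees", "Permit_Access")]),
)
SERVICES = {s.name: s for s in (DEVICE_ADMIN, NETWORK_ACCESS)}

# Step 4: service selection keyed on the device group the request arrived from.
SERVICE_SELECTION = Policy([
    Rule("switches", lambda r: r.get("device_group") == "Switches", "Device Admin"),
    Rule("wireless", lambda r: r.get("device_group") == "Wireless", "Network Access"),
])


def process_request(req: Request) -> Dict[str, Optional[str]]:
    """Run one request through the flow and report where it ended up."""
    service_name = SERVICE_SELECTION.evaluate(req)
    if service_name is None:
        return {"status": "denied", "reason": "no access service matched"}
    service = SERVICES[service_name]
    if req["protocol"] not in service.allowed_protocols:
        return {"status": "denied", "reason": "protocol not allowed by service",
                "service": service_name}
    store = STORES[service.identity_policy.evaluate(req)]
    attrs = store.authenticate(req["user"], req["password"])
    if attrs is None:
        return {"status": "denied", "reason": "authentication failed",
                "service": service_name}
    result = service.authorization_policy.evaluate({**req, **attrs})
    if result is None:
        return {"status": "denied", "reason": "no authorization rule matched",
                "service": service_name}
    return {"status": "permitted", "service": service_name,
            "identity_store": store.name, "result": result}
```

Each early return corresponds to a stage where a real deployment should expect (and log) a denial: no service selection rule matched, the protocol was not enabled on the selected service (Step 3), authentication failed at the store chosen by the identity policy (Step 5), or no authorization rule matched and the policy had no default (Step 6).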

User Guide for Cisco Secure Access Control System 5.3

3-20

OL-24201-01
