6-31
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter6 Setting Up and Managing User Groups Configuration-specific User Group Settings
To specify shell command authorization set parameters for a user group, follow
these steps:
Step 1 In the navigation bar, click Group Setup.
Result: The Group Setup Select page opens.
Step 2 From the Group list, select a group, and then click Edit Settings.
Result: The Group Settings page displays the name of the group at its top.
Step 3 From the Jump To list at the top of the page, choose TACAC S+ .
Result: The system displays the TACACS+ Settings table section.
Step 4 Use the vertical scroll bar to scroll to the Shell Command Authorization Set
feature area.
Step 5 To prevent the application of any shell command authorization set, select (or
accept the default of) the None option.
Step 6 To assign a particular shell command authorization set to be effective on any
configured network device, follow these steps:
a. Select the Assign a Shell Command Authorization Set for any network
device option.
b. Then, from the list directly below that option, select the shell command
authorization set you want applied to this group.
Step 7 To create associations that assign a particular shell command authorization set to
be effective on a particular NDG, for each association, follow these steps:
a. Select the Assign a Shell Command Authorization Set on a per Network
Device Group Basis option.
b. Select a Device Group and a corresponding Command Set.
c. Click Add Association.
Result: The associated NDG and shell command authorization set appear in
the table.
Step 8 To define the specific Cisco IOS commands and arguments to be permitted or
denied at the group level, follow these steps:
a. Select the Per Group Command Authorization option.
b. Under Unmatched Cisco IOS commands, select either Permit or Deny.