Configuring TACACS+ Privilege Levels

Setting TACACS+ account access level privileges

The Set TacPriv Access command sets the access level privileges for a TACACS+ account. The Sentry has four defined access privilege levels; Admin, User, On-Only and View-Only. For more information on user access levels, see Changing a user’s access privilege level: on page 17.

To set the access level privilege for a TACACS+ account :

At the Sentry: prompt, type set tacpriv access, followed by admin, user, ononly or viewonly, optionally followed by a TACACS+ account number and press Enter.

Examples

The following command sets the TACACS+ account access level for account 14 to Admin:

Sentry: set tacpriv access admin 14<Enter>

The following command sets the TACACS+ account access level for account 5 to User:

Sentry: set tacpriv access user 5<Enter>

Granting and removing input status viewing privileges

The Set TacPriv Envmon command grants or removes input status viewing privileges to/from a TACACS+ account.

To grant or remove input status viewing privileges for a TACACS+ account:

At the Sentry: prompt, type set tacpriv envmon, followed by on or off, optionally followed by a TACACS+ account number and press Enter.

Example

The following command grants input status viewing privileges to the TACACS+ account 5:

Sentry: set tacpriv envmon on 5<Enter>

Displaying the TACACS+ access privilege levels

The List TacPrivs command displays all TACACS+ accounts with their access privilege levels.

To display TACACS+ account access privilege levels:

At the Sentry: prompt, type list tacprivs and press Enter.

Example

The following command displays all TACACS+ account with their access privilege level:

Sentry: list tacprivs<Enter>

 

TACACS

Access

Environmental

Account Name

Level

Monitoring

TACAdmin

Admin

Allowed

PowerUser

User

Allowed

User

On-Only

Not Allowed

Guest

View-Only

Not Allowed

Adding outlet access to a TACACS+ account

The Add OutletToTACACS command grants a TACACS+ account access to one or all outlets. To grant access for more than one outlet, but not all outlets, you must use multiple Add OutletToTACACS commands.

To grant outlet access to a TACACS+ account:

At the Sentry: prompt, type add outlettotacacs, optionally followed by an outlet name and a TACACS+ account number. Press Enter, or

Type add outlettotacacs all, followed by a TACACS+ account number and press Enter.

Examples

The following commands grant the a TACACS+ account 5 access to outlets A1 and Webserver_1:

Sentry:add outlettotacacs .a1 5<Enter>

Sentry:add outlettotacacs WebServer_1 5<Enter>

Sentry PT22

Advanced Operations • 65

Installation and Operations Manual