7-27
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 7 Setting Up and Managing User Accounts
Advanced User Authentication Settings
Result: The NDG or NDGs and associated shell command authorization set
or sets appear paired in the table.
Step 7
To define the specific Cisco IOS commands and arguments to be permitted or
denied for this user, follow these steps:
a.
Select the Per User Command Authorization option.
b.
Under Unmatched Cisco IOS commands, select either Permit or Deny.
If you select Permit, the user can issue all commands not specifically listed.
If you select Deny, the user can issue only those commands listed.
c.
To list particular commands to be permitted or denied, select the Command
check box and then type the name of the command, define its arguments using
standard permit or deny syntax, and select whether unlisted arguments are to
be permitted or denied.
Warning
This is a powerful, advanced feature and should be used by an administrator
skilled with Cisco IOS commands. Correct syntax is the responsibility of the
administrator. For information on how Cisco Secure ACS uses pattern matching
in command arguments, see
About Pattern Matching, page 5-15
.
Tip
To enter several commands, you must click Submit after specifying a
command. A new command entry box appears below the box you just
completed.
Step 8
Do one of the following:
•
If you are finished configuring the user account options, click Submit to
record the options.
•
To continue to specify the user account options, perform other procedures in
this chapter, as applicable.