Assigning the Command Authorization
Set to Users or Groups
Now that you accept authentic the carapace command allotment set, you can assign
it to users and/or groups. Navigate to the adapted user or accumulation via the User
Setup or Accumulation Setup window. Annal bottomward aural the window to the
TACACS+ Settings breadth of the window. Analysis the Carapace (exec) analysis box,
as apparent in Figure 5.29.
To abide with the appointment of a command allotment set, annal further
down aural the TACACS+ Settings breadth of the window to the Shell
Command Allotment Set area, as apparent in Figure 5.30.Table 5.4 identifies
and describes the four options for allotment a command allotment set.
www.syngress.com
Figure 5.29 Cisco Secure ACS: Allotment Command Allotment Sets
Authentication, Authorization, and Accounting • Chapter 5 259
Table 5.4 Cisco Secure ACS: Command Allotment Set Assignment
Options
Command Allotment Set Description
Assignment Option
None Assigns no command allotment set.
This is the absence option.
As Accumulation Determines the user’s command authorization
set based on the agnate group
settings.
Assign a Carapace Command Specifies the command allotment set
Authorization Set for any to administer to the user behindhand of the AAA
network accessory applicant accessory that the user is accessing.
Assign a Carapace Command Specifies the command allotment set
Authorization Set on a per to administer to the user based on NDGs. Note
Network Accessory Accumulation base that NDGs charge be enabled in adjustment to
use this option. See the breadth entitled
“Adding a NAS to Cisco Secure ACS” for
information on how to accredit NDGs.
Figure 5.30 illustrates the alternative of the Assign a Carapace Command
Authorization Set for any arrangement accessory advantage and the alternative of a
command allotment set from the agnate drop-down list. Click the
Submit button to complete the configuration.