6-33
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Configuring a Shell Command Authorization Set for a User Group
Use this procedure to specify the shell command authorization set parameters for
a group. There are four options:
• None—No authorization for shell commands.
• Assign a Shell Command Authorization Set for any network device—One
shell command authorization set is assigned, and it applies to all network
devices.
• Assign a Shell Command Authorization Set on a per Network Device
Group Basis—Enables you to associate particular shell command
authorization sets to be effective on particular NDGs.
• Per Group Command Authorization—Enables you to permit or deny
specific Cisco IOS commands and arguments at the group level.
Note This feature requires that you have previously configured a shell command
authorization set. For detailed steps, see Adding a Command Authorization Set,
page 5-31.
To specify shell command authorization set parameters for a user group, follow
these steps:
Step 1 In the navigation bar, click Group Setup.
The Group Setup Select page opens.
Step 2 From the Group list, select a group, and then click Edit Settings.
The Group Settings page displays the name of the group at its top.
Step 3 From the Jump To list at the top of the page, choose TACACS+.
The system displays the TACACS+ Settings table section.
Step 4 Use the vertical scrollbar to scroll to the Shell Command Authorization Set
feature area.
Step 5 To prevent the application of any shell command authorization set, select (or
accept the default of) the None option.
