HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

5 Authorization command
An authorization policy comprises authorization scenarios and authorization command. Users can log in
to manage devices in different scenarios.
Authorization command defines the rights that can be authorized to a user. Authorization scenarios and
authorization command work together to authorize a user when the user logs in to manage devices
in different scenarios.
Authorization command comprises shell profiles and command sets. A shell profile controls the ACL,
automatically executed command, authorization level, custom attributes, idle time, and timeout for device
user login. A command set defines the commands that a device user can execute after login.
Shell profile
To implement shell profile control on login users, configure a shell profile on the TAM server and enable
authorization on the device.
Before a device user logs in to the device, the user is authenticated first. After the user passes the
authentication, if login authorization is enabled on the device, the TAM server controls the ACL,
automatically executed command, authorization level, custom attributes, idle time, and timeout of the
user by shell profile.
When a shell profile works together with an authorized time range to control device users, the login time
applies. When a device user logs in to the device, the TAM server determines which authorized time
range the user's login time falls in and uses the shell profile corresponding to that authorized time
range to control the user.
The shell profile always applies until the user logs out. Assume that you have configured two authorized
time ranges A (08:00 to 10:00) and B (10:30 to 11:00). When a user logs in to the device at 09:00,
the shell profile corresponding to authorized time range A applies as long as the user stays online. If the
user goes offline at 10:45 and goes online again, the shell profile corresponding to authorized time
range B applies.
For more information about authorized time range configuration, see "Configuring authorized time
range policies."
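The following Python sketch is an added example, not part of the HP guide or of TAM itself. It models the login-time binding described above with time ranges A and B from the text and flags sessions that stayed online after their bound range ended. The profile names, session records, inclusive range boundaries, and the result for a login outside every range are assumptions.

```python
from datetime import time

# Time ranges A and B come from the text; profile names are hypothetical.
# Assumption: both boundaries of a range are inclusive.
TIME_RANGES = [
    ("A", time(8, 0), time(10, 0), "profile-A"),
    ("B", time(10, 30), time(11, 0), "profile-B"),
]

def range_for(t):
    """Return (range_name, profile) for the range containing t, else None."""
    for name, start, end, profile in TIME_RANGES:
        if start <= t <= end:
            return name, profile
    return None  # Assumption: the guide does not say what TAM does here.

def profile_at_login(login):
    """Profile bound to the session at login; it applies until logout."""
    hit = range_for(login)
    return hit[1] if hit else None

def audit_sessions(sessions):
    """Flag sessions still online after their bound time range ended.

    sessions: iterable of (user, login_time, logout_time) on one day.
    Returns a list of (user, bound_profile, range_name_at_logout).
    """
    findings = []
    for user, login, logout in sessions:
        bound = range_for(login)
        if bound is None:
            continue  # no profile was bound, nothing to compare
        current = range_for(logout)
        if current != bound:
            findings.append((user, bound[1], current[0] if current else None))
    return findings

# Constructed session records: (user, login, logout).
SESSIONS = [
    ("alice", time(9, 0), time(10, 45)),    # the case walked through above
    ("alice", time(10, 46), time(10, 55)),  # re-login, now bound to range B
    ("bob", time(8, 15), time(9, 30)),      # stays inside range A
]

if __name__ == "__main__":
    for user, login, _ in SESSIONS:
        print(user, login, "->", profile_at_login(login))
    print(audit_sessions(SESSIONS))
```

A finding means the user kept the rights of the earlier range until logout, which is the behavior the guide describes for a user who stays online.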
Viewing the shell profile list
To view the shell profile list:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Command > Shell Profiles from the navigation
tree.
The Shell Profile List displays all shell profiles.
Shell profile list contents
Shell Profile Name: Name of the shell profile. Click the name to view its details.
ACL: ACL that controls whether a user can log in to the device. ACL rules must be configured
on the device.