Manualshelf

HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 100-node License
51525354555657585960
45
NameName of the command. For example, the name of the display current-configuration
command is display.
ParametersCommand parameters. For example, the parameter of the display
current-configuration command is current-configuration. If this field is displayed as *, any
parameter of the command is matched.
PriorityThe priorities of all commands in the command set are displayed in descending order.
If a command executed by a user matches multiple rules, the rule with the highest priority
applies.
4. To return to the command set list, click Back.
Adding a command set
To add a command set:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Command > Command Sets from the navigation
tree.
The Command Set List displays all command sets.
3. Click Add in the Command Set List area.
4. Configure the basic information:
Command Set NameEnter the name of the command set, which must be unique in TAM.
Default Authorization TypeThe values can be Permit or Deny. Permit means a device user can
use commands not in the command set. Deny means a user cannot use command not in the
command set.
DescriptionEnter a description for the command set to aid maintenance.
5. Configure the command set information.
Each line in a command set list defines a rule, which permits or denies a user to execute one
command or multiple commands defined by *.
a. Click Add in the Command Set Information area.
b. Select Permit or Deny from the Authorization list.
c. Enter a command name, which is usually the keyword of the command. For example, the name
of the display current-configuration command is display. When you configure a command
name in TAM, you must enter the complete name of the command. For example, you cannot
enter dis or disp for the display keyword. However, when you enter a command on the device,
you can enter part of a keyword. For example, you can enter disp for the display keyword.
d. Enter the command parameters. You can enter one or more parameters. For example, the
parameter of the display current-configuration command is current-configuration. When you
configure a parameter in TAM, you must enter the complete parameter. For example, you
cannot enter cur or current for current-configuration. However, when you enter a command
parameter on the device, you can enter part of a parameter. For example, you can enter
current for current-configuration. In addition, you can enter * or keep the Parameters field
empty. * means to match any parameter. Empty means to match no parameter.
e. Click OK.
f. Click the icon or to raise or decrease the priority of the rule. If the command you
execute matches multiple rules, the rule with the highest priority applies.
g. Click the Modify icon for the target rule. Repeat steps b through e.