HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
46
h. To delete a rule, click the icon for the target rule.
6. Click OK.
Modifying a command set
A command set immediately takes effect on online users (users that have logged in to the device)
controlled by the command set, which means the modified command set is used to determine the
commands that can be executed by the online users.
To modify a command set:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Command > Command Sets from the navigation
tree.
The Command Set List displays all command sets.
3. Click the Modify icon for the command set you want to modify. The Modify Command Set page
appears.
4. Modify basic information:
Command Set Name—Enter the name of the command set, which must be unique in TAM.
Default Authorization Type—Select Permit or deny. Permit means a device user can use
commands not in the command set. Deny means a user cannot use commands not in the
command set. After you configure the authorization mode of a command, the priority of the
configured authorization type takes precedence over the default authorization type.
Description—Enter a description for the command set to aid maintenance.
5. Modify command set information:
Each line in a command set list defines a rule, which permits or denies a user to execute one
command or multiple commands defined by *.
a. Click Add in the Command Set Information area.
b. Select Permit or Deny from the Authorization list.
c. Enter a command name, which is usually the keyword of the command. For example, the name
of the display current-configuration command is display. When you configure a command
name in TAM, you must enter the complete name of the command. For example, you cannot
enter dis or disp. However, when you enter a command on the device, you can enter part of
a keyword. For example, you can enter disp, for display.
d. Enter the command parameters. You can enter one or more parameters. For example, the
parameter of the display current-configuration command is current-configuration. When you
configure a parameter in TAM, you must enter the complete parameter. For example, you
cannot enter cur or current for current-configuration. However, when you enter a command
parameter on the device, you can enter part of a parameter. For example, you can enter
current for current-configuration. In addition, you can enter * or keep the Parameters field
empty. * means to match any parameter. Empty means to match no parameter.
e. Click OK.
f. Click the icon or to raise or decrease the priority of the rule. If the command you
execute matches multiple rules, the rule with the highest priority applies.
g. Click the Modify icon for the target rule. Repeat steps b through e.
h. To delete a rule, click the Delete icon for the target rule.