HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
58
groups. TAM does not allow canceling the administrator's management privileges to any device
user group.
Select the boxes next to the operators. Selected maintainers can manage the device user group.
Selected viewers can view information about the device user group.
6. Click OK.
Modifying a device user group or a sub-group
After you change the authorization policy of a device user group/sub-group, TAM controls the online
users in the device user group/sub-group as follows:
• TAM still applies the shell profile configured in the original authorization policy to the online users.
• TAM applies the authorization scenario and command set in the new authorization policy to the
online users.
TAM determines the authorization scenario to which a device user belongs according to the new
authorization policy. The command set configured for the new scenario applies to the device user
when the device user executes commands.
To modify a device user group or sub-group:
1. Click the User tab.
2. Select Device User View > Device User Groups from the navigation tree.
The Device User Group List displays all device user groups.
3. Click the Modify icon for the device user group/sub-group you want to modify.
The Modify Device User Group page appears.
4. Modify the basic information for the device user group/sub-group:
Group Name—Enter the group name, which must be unique in TAM.
The group name for the pre-defined device user group Ungrouped cannot be modified.
Authorization Policy—Select an authorization policy or the CLI Access Not Supported option
for a level-1 group. Select an authorization policy or the CLI Access Not Supported option, or
leave this field empty for a level-2 to level-5 group.
If you select an authorization policy, all device users in the group use the selected
authorization policy.
If you select the CLI Access Not Supported option, device users in the group can only log in to
the device but cannot execute commands on the device.
If you leave this field empty, the group uses the authorization policy of its parent group.
If the parent group has no authorization policy, either, the group uses the authorization policy
of the upper-level group of the parent group, and so forth to the level-1 group, until a group is
matched.
Parent Group Name—This field cannot be modified. This field displays two hyphens (--) for a
level-1 group, and displays the name of the parent group for a level-2 to level-5 group.
Description—Enter a description for the group for easy maintenance.
The description of the pre-defined device user group Ungrouped cannot be modified.
5. Specify the operators that can manage the device user group/sub-group:
The Authorized Operators table lists all IMC operators. In terms of operation role, IMC operators
include the administrator, maintainers, and viewers. The administrator can manage all device user