Manualshelf

HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 5000-node E-LTU
51525354555657585960
51
The Device Area, Device Type, and Access Period fields cannot be modified.
Shell ProfileSelect a shell profile, Deny, or Default Device Configuration from the list. The
shell profile controls login behaviors of the device user who matches the rule. With the Deny
option, the device denies user logins. With the Default Device Configuration option, the device
applies the default settings configured at the CLI to the user, including the access control list,
commands for automatic execution, authorization level, user-defined attributes, idle time, and
timeout timer.
Authorization Command SetSelect an authorization command set, Unlimited, or Forbid from
the list. The command set includes all authorized commands for the user to execute after login.
The Unlimited option allows the user to execute any command. The Forbid option prohibits the
user from executing any command.
c. Click OK.
To add a user-defined authorization rule:
d. Click Add in the Access Authorization Info area.
The Add Access Authorization window appears.
e. Define the scenario by setting the device area, device type, and authorized time range. A
device user matches the scenario only when the user logs in to a device of the specified device
type on the device area within the authorized time range.
Device AreaClick the Select Device Area icon next to the Device Area field. The Select
Device Area window appears. Select a device area or Unlimited, and then click OK. The
device area specifies the range of devices to be matched in the scenario. If you select
Unlimited, any device area matches the scenario. Click the Clear icon to clear your
selection.
Device TypeClick the Select Device Type icon next to the Device Type field. The Select
Device Type window appears. Select a device type or Unlimited, and then click OK. The device
type specifies the type of devices to be matched in the scenario. If you select Unlimited, any
device type matches the scenario. Click the Clear icon to clear your selection.
Authorized Time RangeSelect an authorized time range or Unlimited from the list. This
parameter specifies the login time range to be matched in the scenario. If you select Unlimited,
any time range matches the scenario.
f. Select the shell profile and command set for the rule:
Shell ProfileSelect a shell profile, Deny, or Default Device Configuration from the list. The
shell profile controls login behaviors of the device user who matches the rule. With the Deny
option, the device denies user logins. With the Default Device Configuration option, the device
applies the default settings configured at the CLI to the user, including the access control list,
commands for automatic execution, authorization level, user-defined attributes, idle time, and
timeout timer.
Authorization Command SetSelect an authorization command set, Unlimited, or Forbid from
the list. The command set includes all authorized commands for the user to execute after login.
The Unlimited option allows the user to execute any command. The Forbid option prohibits the
user from executing any command.
g. Click OK.
h. Repeat the previous steps to add more authorization rules as needed. You cannot add two
authorization rules with the same device area, device type, and authorized time range.
i. Adjust the priorities for the authorization rules as needed:
Move UpClick the Move Up icon for an authorization rule to raise its priority.