HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional Unlimited-node License

111

112

113

114

115

116

117

118

119

120

110

• CLI authorization logs—After a device is enabled with the CLI authorization function, each time a

user executes a command, TAM checks whether the user has the right to execute the command and

records a CLI authorization log.

An authorization log result can be Permit or Deny. An authorization Deny log also provides the reason

for the deny action.

Authorization logs can be exported to a file for future audit.

Viewing the authorization log list

To view the authorization log list:

1. Click the User tab.

2. Select Device User View > Log Management > AuthZ Logs from the navigation tree.

The Authorization Log List displays all authorization logs.

Authorization log list contents

 Result—Authorization result, Permit or Deny.

 Failure Reason—Reason for the deny action. If the authorization result is Permit, this field is

empty.

 Login Name—Username sent by the device to TAM, which is not the username that a device

user entered when logging in to the device. Login name of a device user contains redundant

information, and needs to be extracted. TAM matches the extracted login name against the

account name and authenticates the user. The rules for extracting the login name are

configured in system parameter configuration. For more information, see "Configuring system

parameters."

 Account Name—Account name of the device user. Accounts with the name followed by

#delete0# are cancelled accounts. Click the account name of a device user to view its details.

For more information about device user details, see "Viewing device user details."

 Authorization Type—Type of the authorization, Login Authorization or CLI Authorization. Login

Authorization indicates TAM authorizes a device user using the shell profile at user login. CLI

Authorization indicates TAM determines whether to permit or deny a device user to execute a

command according to the command set that the device user matches.

 Authorization Policy Name—Name of the authorization policy used by the device user. Click

the name link of an authorization policy to view its details. For more information about

authorization policy details, see "Viewing authorization policy details."

 Authorization Time—Date and time when TAM performed the authorization, in the format of

YYYY-MM-DD hh:mm:ss.

 Device IP—IP address of the device to which the device user logs in.

 Details—Click the Details icon for an authorization log to view its details.

Navigating the authorization log list

 Click to page forward in the authorization log list.

 Click to page forward to the end of the authorization log list.

 Click to page backward in the authorization log list.

 Click to page backward to the front of the authorization log list.