HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

4 Authorization scenarios
An authorization policy defines one or multiple authorization scenarios, and assigns each scenario one
shell profile and one command set. Administrators can assign authorization policies to individual device
users or device user groups. When a device user logs in to manage a device, TAM matches the user with
a scenario and applies the shell profile and command set of the scenario to the user for device
management.
An authorization scenario is identified by the combination of the following three elements:
Device area—Area to which the device belongs. Operators can divide device areas by location or
network layer of the device.
Device Type—Type of the device. Command lines provided by devices of different types may be
different.
Authorized time range—Time range during which a user logs in to manage the device.
TAM can authorize device users with different device login and management privileges according to the
device area, device type, and authorized time range.
Managing device areas
Operators can classify device areas by various criteria, for example, location or network layer. TAM
supports hierarchical management of device areas. You can divide a level-1 (top level) device area into
one or multiple level-2 device areas.
TAM supports a device area hierarchy of at most 5 levels. Two device areas in adjacent levels are
referred to as parent area and child area, respectively. For example, a level-1 device area is the parent
area of all its level-2 areas, and the level-2 device areas are the child areas of the level-1 device area.
A device area can contain only devices or sub-areas. If a device area already contains a device, you
cannot add sub-areas for it. If a device area has a sub-area, you cannot add devices to the device area.
TAM can authorize device users with different device login and management privileges according to the
device area.
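The hierarchy rules above (at most 5 levels, an area holds either devices or sub-areas, unique area names) can be checked against a planned layout before it is entered in TAM. The following Python code is an added example, not part of the HP guide or of TAM; the Area class, the validate function and the sample plan are hypothetical.

```python
# Added example: checks a planned device-area layout against the rules
# stated in this guide. Area and validate are hypothetical, not a TAM API.
from dataclasses import dataclass, field

MAX_LEVELS = 5  # the guide: a device area hierarchy of at most 5 levels


@dataclass
class Area:
    name: str
    devices: list = field(default_factory=list)   # device names or IPs
    children: list = field(default_factory=list)  # child Area objects


def validate(top_level_areas):
    """Return a list of rule violations; an empty list means the plan is valid."""
    errors, seen = [], set()

    def walk(area, level):
        if area.name in seen:  # area names must be unique in TAM
            errors.append(f"duplicate area name: {area.name}")
        seen.add(area.name)
        if level > MAX_LEVELS:
            errors.append(f"{area.name}: level {level} exceeds {MAX_LEVELS}")
        if area.devices and area.children:  # devices or sub-areas, never both
            errors.append(f"{area.name}: contains both devices and sub-areas")
        for child in area.children:
            walk(child, level + 1)

    for top in top_level_areas:
        walk(top, 1)  # top-level areas are level 1
    return errors


# Constructed sample plan: "Core" mixes a device with a sub-area,
# and the name "Lab" is used twice.
PLAN = [
    Area("HQ", children=[
        Area("Core", devices=["10.0.0.1"], children=[Area("Lab")]),
        Area("Access", devices=["10.0.1.1", "10.0.1.2"]),
    ]),
    Area("Lab", devices=["10.9.0.1"]),
]

if __name__ == "__main__":
    for problem in validate(PLAN):
        print(problem)
```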
Viewing the device area list
To view the device area list:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Scenarios > Device Areas from the navigation
tree.
The Device Area List displays all device areas.
Device area list contents
Area Name—Device area name, which must be unique in TAM. Click the name link of a device
area to view its details.
Description—Description of the device area.
Device List—Click the Device List icon for a device area to view its device list.