HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

Device Area/Device Type/Authorized Time Range: The combination of the three parameters
uniquely identifies an authorization scenario. A user matches the scenario only when the user
logs in to a device of the specified device type in the device area within the authorized time
range. For more information about configuring device areas, see "Managing device areas."
For more information about configuring device types, see "Managing device types." For more
information about configuring authorized time ranges, see "Configuring authorized time range
policies."
Shell Profile: Controls login behaviors of the device user who matches the scenario. For more
information about shell profiles, see "Shell profile."
Authorization Command Set: Set of all authorized commands that the device user who
matches the scenario can execute after login. For more information about configuring command
sets, see "Command set."
Priority: Priority of the authorization rule and its scenario. The authorization rules and
scenarios are listed in descending order of priority. If a user matches multiple scenarios, TAM
applies the shell profile and command set defined in the scenario with the highest priority to the
user.
4. Click Back to return to the Authorization Policy List.
Adding an authorization policy
To add an authorization policy:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Policies from the navigation tree.
The Authorization Policy List displays all authorization policies.
3. Click Add in the Authorization Policy List area.
The Add Authorization Policy page appears.
4. Configure basic information for the authorization policy:
Authorization Policy Name: Enter the authorization policy name, which must be unique in
TAM.
Description: Enter a brief description of the authorization policy for easy maintenance.
5. Configure authorization rules for the authorization policy: predefined, user-defined, or both.
Each entry in the Access Authorization Info list represents a separate authorization rule, which
defines the shell profile and command set to be applied to the login users in a specific scenario.
The authorization rules and scenarios are listed in descending order of priority. If a user matches
multiple scenarios, TAM applies the shell profile and command set defined in the scenario with the
highest priority to the user.
Modifying the predefined authorization rule
The Access Authorization Info list contains a predefined authorization rule that always has the
lowest priority. The rule applies to users who match no user-defined authorization rules. With the
default setting, the rule prohibits users from logging in to any device and executing any command.
Operators cannot delete the rule, but can modify its settings.
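The following Python model is an added example, not HP or TAM code. It shows how priority-ordered rules resolve to one shell profile and command set, with the predefined rule as the deny fallback, and how to spot a user-defined rule that can never apply because a higher-priority rule covers its whole scenario. The `*` wildcard, the daily time window, and all profile, command set, area and type names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

ANY = "*"  # assumed wildcard for this model, not a TAM keyword


@dataclass(frozen=True)
class Rule:
    area: str
    dev_type: str
    start: time          # authorized time range, simplified to a daily window
    end: time
    shell_profile: str
    command_set: str

    def matches(self, area, dev_type, at):
        return (self.area in (ANY, area)
                and self.dev_type in (ANY, dev_type)
                and self.start <= at <= self.end)


# Predefined rule: lowest priority, matches every login, default setting denies.
PREDEFINED = Rule(ANY, ANY, time.min, time.max, "deny-login", "deny-all")


def resolve(rules, area, dev_type, at):
    """rules are user-defined, in descending priority; the first match wins."""
    for rule in [*rules, PREDEFINED]:
        if rule.matches(area, dev_type, at):
            return rule


def covers(high, low):
    """True if every login that matches `low` also matches `high`."""
    return (high.area in (ANY, low.area)
            and high.dev_type in (ANY, low.dev_type)
            and high.start <= low.start and low.end <= high.end)


def shadowed(rules):
    """User-defined rules that never apply: a higher-priority rule covers them."""
    return [low for i, low in enumerate(rules)
            if any(covers(high, low) for high in rules[:i])]


# Constructed sample policy, highest priority first.
POLICY = [
    Rule("core-dc", "router", time(8), time(18), "priv-15", "full-config"),
    Rule(ANY, "router", time.min, time.max, "priv-1", "show-only"),
    Rule("branch", "router", time(8), time(18), "priv-15", "full-config"),
]
```

In the sample policy the third rule is shadowed by the second, so a branch router login during working hours receives `show-only` rather than the intended `full-config`; reordering priorities is the fix.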
To modify the predefined authorization rule:
a. Click the Modify icon for the rule.
The Modify Access Authorization window appears.
b. Modify the following parameters for the rule: