HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

Move Down: Click the Move Down icon for an authorization rule to reduce its priority.
If a device user matches multiple scenarios, TAM applies the shell profile and command set
defined in the scenario that has the highest priority to the user.
j. To modify an authorization rule, click the Modify icon for the rule and perform steps b
through d.
k. To delete an authorization rule, click the Delete icon for the rule.
6. Click OK.
Modifying an authorization policy
Modifying an authorization policy does not affect the shell profile of the scenario that an online
device user matches, but it does affect the command set that is applied.
If the command set of the scenario is changed, the new command set applies to the online device
user.
If the scenario that the online device user matches is changed, the command set of the new
scenario applies to the user.
To modify an authorization policy:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > Authorization Policies from the navigation tree.
The Authorization Policy List displays all authorization policies.
3. Click the Modify icon for the authorization policy you want to modify.
The Modify Authorization Policy page appears.
4. Modify basic information for the authorization policy:
Authorization Policy Name: Enter the authorization policy name, which must be unique in
TAM.
Description: Enter a brief description of the authorization policy for easy maintenance.
5. Modify authorization rules for the authorization policy: predefined, user-defined, or both.
Modifying the predefined authorization rule
The Access Authorization Info list contains a predefined authorization rule that always has the
lowest priority. The rule applies to users who match no user-defined authorization rules. With the
default setting, the rule prohibits users from logging in to any device and executing any command.
Operators cannot delete the rule, but can modify its settings.
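The following Python model is an added example, not TAM code or part of the original guide. It shows how priority-ordered rules, the lowest-priority predefined rule, and a policy change for an online user interact as described above. The wildcard handling, the hour-based time range, and all rule, profile, and command set names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DENY = "Deny"  # shell profile option named in the guide

@dataclass(frozen=True)
class Rule:
    # Scenario conditions; None acts as a wildcard (assumption of this model).
    device_area: Optional[str]
    device_type: Optional[str]
    hours: Optional[range]        # authorized time range, simplified to hours
    shell_profile: str
    command_set: str

    def matches(self, area, dev_type, hour):
        return (self.device_area in (None, area)
                and self.device_type in (None, dev_type)
                and (self.hours is None or hour in self.hours))

# Predefined rule: matches everyone, always evaluated last, denies by default.
PREDEFINED = Rule(None, None, None, DENY, "deny-all")  # "deny-all" is a constructed name

def authorize(user_rules, area, dev_type, hour):
    """Return the highest-priority matching rule, else the predefined rule."""
    for rule in user_rules:       # list order is priority order (first = highest)
        if rule.matches(area, dev_type, hour):
            return rule
    return PREDEFINED

@dataclass
class Session:
    shell_profile: str            # fixed when the user logs in
    command_set: str              # follows later policy changes

def login(user_rules, area, dev_type, hour):
    rule = authorize(user_rules, area, dev_type, hour)
    if rule.shell_profile == DENY:
        return None               # the device denies the login
    return Session(rule.shell_profile, rule.command_set)

def reapply(session, user_rules, area, dev_type, hour):
    """Policy modified while the user is online: only the command set changes."""
    session.command_set = authorize(user_rules, area, dev_type, hour).command_set
    return session

if __name__ == "__main__":
    rules = [Rule("core", "router", range(8, 18), "admin-shell", "full"),  # constructed
             Rule("core", None, None, "view-shell", "show-only")]          # constructed
    print(login(rules, "core", "router", 10))   # both rules match; the first wins
    print(login(rules, "edge", "switch", 10))   # no match: predefined rule denies
```

Reordering the list models the Move Up and Move Down icons: calling reapply() on an existing session after a reorder changes its command set while the shell profile from login stays in place.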
a. Click the Modify icon for the rule.
The Modify Access Authorization window appears.
b. Modify the following parameters for the rule:
The Device Area, Device Type, and Authorized Time Range fields cannot be modified.
Shell Profile: Select a shell profile, Deny, or Default Device Configuration from the list. The
shell profile controls login behaviors of the device user who matches the rule. With the Deny
option, the device denies user logins. With the Default Device Configuration option, the device
applies the default settings configured at the CLI to the user, including the access control list,
commands for automatic execution, authorization level, user-defined attributes, idle time, and
timeout timer.