Assign personal access list to user in ACS 5.1

Unanswered Question
Apr 5th, 2010

Hello.


Is there any way (in ACS 5.1) to assign a personal access list to each user instead of assigning it to an Authorization profile and the Authorization profile to the user?


Thanks for any help.

Overall Rating: 5 (2 ratings)
jrabinow Mon, 04/05/2010 - 14:51
User Badges: Cisco Employee

Please clarify what you refer to as "personal access list". Which RADIUS attributes would be returned to set this personal access list?

pbaleshenko Wed, 04/07/2010 - 03:50

Hello.


In earlier versions of ACS (for example 3.2) we could assign an individual Downloadable ACL to each user.

Can I create the same in 5.1?



Best regards,

  Pavel

jrabinow Wed, 04/07/2010 - 05:08
User Badges: Cisco Employee

This should be possible.


You need to do the following:


1) Go to System Administration > Configuration > Dictionaries > Identity > Internal Users > Create

Create a user attribute that will store the DACL name of type string. We will call this attribute DACL.

2) When you create a user (Users and Identity Stores > Internal Identity Stores > Users > Create) you will now see the attribute "DACL" that can be created as part of each user record.

3) Create an authorization profile (Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles > Create).

In the "Common Tasks" tab, for "Downloadable ACL Name" select the "Dynamic" option followed by "Internal Users" and then select the name of the attribute you selected in step 1).

You can now use this authorization profile as a result in policies. When a user authenticates, the string from the DACL attribute in the user record will be used as the name of the attribute to download.

jrabinow Tue, 06/12/2012 - 14:26
User Badges: Cisco Employee

Sure, I did try it before posting and it did work. There was one issue found when a change to the profile definition did not take effect until after a restart. This was fixed in ACS 5.3.


CSCtn67457 dynamic attributes in authorization profiles stop working after change


What release are you on? If you upgrade to ACS 5.3, make sure to install the latest patch during the upgrade as directed by the release notes.
