Cisco Support Community
Community Member

Assign personal access list to user in ACS 5.1

Hello.

Is there any way (in ACS 5.1) to assign personal access list to each user instead of assigning it to Authorization profile and Authorization profile to user?

Thanks for any help.

5 REPLIES
Gold

Re: Assign personal access list to user in ACS 5.1

Please clarify what you refer to as "personal access list". Which RADIUS attributes would be returned to set this personal access list?

Community Member

Re: Assign personal access list to user in ACS 5.1

Hello.

In earlier versions of ACS (for example 3.2) we could assign an individual Downloadable ACL to each user.

Can I create the same in 5.1?

Best regards,

  Pavel

Gold

Re: Assign personal access list to user in ACS 5.1

This should be possible.

You need to do the following:

1) Go to System Administration > Configuration > Dictionaries > Identity > Internal Users > Create

Create a user attribute of type string that will store the DACL name. We will call this attribute DACL.

2) When you create a user (Users and Identity Stores > Internal Identity Stores > Users > Create) you will now see the attribute "DACL" that can be created as part of each user record

3) Create an authorization profile: (Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles > Create)

In the "Common Tasks" tab, for "Downloadable ACL Name" select the "Dynamic" option followed by "Internal Users" and then select the name of the attribute you selected in step 1).

You can now use this authorization profile as a result in policies. When a user authenticates, the string from the DACL attribute in the user record will be used as the name of the attribute to download.

Community Member

Re: Assign personal access list to user in ACS 5.1

Hi jrabinow,

Have you tried to do this? Did it work?

cheers

Antero

Gold

Re: Assign personal access list to user in ACS 5.1

Sure, I did try it before posting and it did work. There was one issue found where a change to the profile definition did not take effect until after a restart. This was fixed in ACS 5.3.

CSCtn67457 dynamic attributes in authorization profiles stop working after change

What release are you on? If you upgrade to ACS 5.3, make sure to install the latest patch during the upgrade as directed by the release notes.
