Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CS-ACS - Shell Command Authorization Set

gentlemen,

I am helping out a colleague with our ACS (it was set up before both us came here) and we have noticed that some groups are assigned a shell command authorization set and other groups aren't. My question is as follows - If a group isn't assigned to an authorization set does that mean that the group can do any and all commands without restriction? I am assuming so, but have not been able to find any documentation that says so explicitly. Any help is appreciated. Thanks.

4 REPLIES

Re: CS-ACS - Shell Command Authorization Set

yes you are correct.

If a group is not assigned any shell auth set, and if the group shell privilege is configured as 15, then there is no restriction in their access

HTH

Narayan

New Member

Re: CS-ACS - Shell Command Authorization Set

Thanks. This helps a lot to clear up some confusion on the different groups.

Re: CS-ACS - Shell Command Authorization Set

Hopefully the link below provides the info you seek:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

regards,

Leo

Re: CS-ACS - Shell Command Authorization Set

Hi,

If you have command authorization set on group 1 and not on group 2 then group 2 user will NOT be able to issue any command. It will fail.

So if that group is admin group then you need to set one more command autho set will radio set to permit. Once it is done you need to bind it with admin group.

Hope that helps

~JG

Please rate helpful posts

167
Views
0
Helpful
4
Replies
CreatePlease to create content