https://community.cisco.com/t5/network-access-control/time-based-authorization-authentication-on-devices-acs-5-4/m-p/2284907#M108085 <HTML><HEAD></HEAD><BODY><P>&nbsp; Hi,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>Yes. You need to create a date and time policy condition.</P><P>Policy Elements -&gt; Session Conditions -&gt; Date and Time.</P><P></P><P>You can specify the time there and then you can use the one you created in the authorization policy.</P><P>For example, you configure the date time condition to be from 8000 - 2300.</P><P>Then you go to the authorization policy and configure if it matches the date time instance then return a authorization profile (read write). otherwise (if not matching) return the authorization profile (read only).</P><P>(use shell profile instead if you are using TACACS+).</P><P></P><P></P><P><SPAN style="color: blue;">Rating useful replies is more useful than saying <SPAN style="color: green;"> "<SPAN style="text-decoration: underline;">Thank you</SPAN>"</SPAN></SPAN></P></BODY></HTML> Thu, 22 Aug 2013 14:10:02 GMT Amjad Abdullah 2013-08-22T14:10:02Z https://community.cisco.com/t5/network-access-control/time-based-authorization-authentication-on-devices-acs-5-4/m-p/2284906#M108082 <P>Hi,</P><P></P><P>Do we have any option where we can allow config access to a particular external/internal user for certain time period. Time based device access.</P><P></P><P>We've External Identity Store in our environment where user got authenticated via LDAP server. </P><P>For Example - There is a user 'X'. I want to grant him config access on devices from 8:00 AM to 11:00 PM daily. After that he should only has Read Only access on the devices.</P><P></P><P>Please let me know if any other information is required from my side.</P><P></P><P>My ACS Ver is 5.4</P><P></P><P>Regards,</P><P>SYED</P> Mon, 11 Mar 2019 03:48:23 GMT https://community.cisco.com/t5/network-access-control/time-based-authorization-authentication-on-devices-acs-5-4/m-p/2284906#M108082 Jayavel Arumugam 2019-03-11T03:48:23Z https://community.cisco.com/t5/network-access-control/time-based-authorization-authentication-on-devices-acs-5-4/m-p/2284907#M108085 <HTML><HEAD></HEAD><BODY><P>&nbsp; Hi,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>Yes. You need to create a date and time policy condition.</P><P>Policy Elements -&gt; Session Conditions -&gt; Date and Time.</P><P></P><P>You can specify the time there and then you can use the one you created in the authorization policy.</P><P>For example, you configure the date time condition to be from 8000 - 2300.</P><P>Then you go to the authorization policy and configure if it matches the date time instance then return a authorization profile (read write). otherwise (if not matching) return the authorization profile (read only).</P><P>(use shell profile instead if you are using TACACS+).</P><P></P><P></P><P><SPAN style="color: blue;">Rating useful replies is more useful than saying <SPAN style="color: green;"> "<SPAN style="text-decoration: underline;">Thank you</SPAN>"</SPAN></SPAN></P></BODY></HTML> Thu, 22 Aug 2013 14:10:02 GMT https://community.cisco.com/t5/network-access-control/time-based-authorization-authentication-on-devices-acs-5-4/m-p/2284907#M108085 Amjad Abdullah 2013-08-22T14:10:02Z