This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Is there any way (in ACS 5.1) to assign personal access list to each user instead of assigning it to Authorization profile and Authorization profile to user?
Thanks for any help.
In ealrier versions of ACS (for example 3.2) we could assign individual Downloadable ACL to each user.
Can I create the same in 5.1 ?
This should be possible
You need to do the following:
1) GotoSystem Administration > Configuration > Dictionaries > Identity >Internal Users > Create
Create a user attribute that will store the DACL name of type string. We wil call this attribute DACL
2) When you create a user (Users and Identity Stores > Internal Identity Stores > Users > Create) you will now see the attribute "DACL" that can be created as part of each user record
3) Create an authorization profile: (Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles > Create)
In "Common Tasks" tab, for "Downloadable ACL Name" select "Dynamic" option followed by "Internal Users" and then select the name of attribute you seelcted in step 1)
You can now use this authrization profile as a result in policies. When a user authentications the string from the DACL attribute in the user record will be used as the name of the attribute to download
Sure I did try it before posting and it did work. There was one issue found when a change to the profile definition did not take effect until after a restart. This was fixed in ACS 5.3
CSCtn67457 dynamic attributes in authorization profiles stop working after change
What release are you on. if you upgrade to ACS 5.3 make sure to install latest patch during upgrade as directed by release notes