Downloadable ACL for users only?

vita_user
Level 1

Hello all,

In ACS 5.4 I need a customized ACL for users only.

My scenario:

There is a way to use some "Downloadable ACLs" in an authorization profile, but I want to define specific ACLs for some exceptions. For example: User A and user B get authorization profile "X". But user B is not allowed to access a host. This "Deny rule" I will configure with custom attributes in the internal user store.

Is that possible? How can I implement this rule?

best regards,

Stefan

Accepted Solutions

Tarik Admani
VIP Alumni

Hi,

You can do this by following these steps:

1. Set a user-defined dictionary attribute under System Administration > Dictionary > Identity > Internal Users. Name it what you want and make sure the value is a string.

2. Create the DACL in Named Permission Objects under the Policy Elements section.

3. Under the user account you will now see a field for the dictionary name you chose in step 1; make sure the field matches the DACL you created in step 2.

4. Create your authorization profile. Under "Common Tasks", set the DACL drop-down to Dynamic, select Internal Users, and set the value to the attribute you created in step 1.

5. Map the authorization policy to the access policy using the conditions that will give you these results.

6. Test and you should have what you are looking for.

Thanks,

Tarik Admani
*Please rate helpful posts*
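
An added example, not part of the original post and not ACS code: a small Python audit for the condition in step 3 (each user's attribute value must match a DACL created in step 2), which also flags a per-user deny entry placed after `permit ip any any`. The attribute name `UserDACL`, the DACL names, the CSV layout and the exact-match name comparison are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data. The attribute name "UserDACL", the DACL names and
# the CSV layout are assumptions for illustration, not an ACS export format.
DACLS = {
    "DACL_DEFAULT": ["permit ip any any"],
    "DACL_USER_B": ["deny ip any host 192.0.2.10", "permit ip any any"],
    "DACL_BROKEN": ["permit ip any any", "deny ip any host 192.0.2.10"],
}
USERS_CSV = """username,UserDACL
userA,DACL_DEFAULT
userB,DACL_USER_B
userC,dacl_user_b
userD,
userE,DACL_BROKEN
"""

def shadowed_denies(entries):
    """Deny entries placed after 'permit ip any any' never match (first match wins)."""
    seen_permit_all, shadowed = False, []
    for entry in entries:
        normalized = " ".join(entry.split()).lower()
        if normalized == "permit ip any any":
            seen_permit_all = True
        elif normalized.startswith("deny ") and seen_permit_all:
            shadowed.append(entry)
    return shadowed

def audit(users_csv, dacls, attribute="UserDACL"):
    """Return (user, problem) pairs for values that will not yield the intended DACL."""
    findings = []
    by_lower = {name.lower(): name for name in dacls}
    for row in csv.DictReader(io.StringIO(users_csv)):
        user, value = row["username"], row.get(attribute) or ""
        if not value.strip():
            findings.append((user, "attribute is empty"))
        elif value not in dacls:  # assumption: names must match exactly
            near = by_lower.get(value.strip().lower())
            hint = f" (closest defined name: {near})" if near else ""
            findings.append((user, f"no DACL named {value!r}{hint}"))
        else:
            for entry in shadowed_denies(dacls[value]):
                findings.append((user, f"{value}: '{entry}' follows permit ip any any"))
    return findings

if __name__ == "__main__":
    for user, problem in audit(USERS_CSV, DACLS):
        print(f"{user}: {problem}")
```

Run against the constructed data, it reports userC (name differs in case), userD (empty attribute) and userE (deny entry that can never match), and passes userA and userB.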
