
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2020 07:08 AM - edited 05-13-2020 07:11 AM
How can below be done for device admin policy set.
Devices
Network Device 1 (ND 1) is under All device Type>DC>ND1
Network Device 2 (ND 2) is under All device Type>DC2>ND2
----- exists untill "All device Type>DC>ND32" and "All device Type>DC2>ND32"
Users
User1 in Group Support
User2 in Group Lead
Policy Sets
First set checks whether Device Type starts with "All device Type>DC2"
Authorization policy check for usergroup support
shell profile, commands are minimum
Second set checks whether Device Type starts with "All device Type"
Authorization policy check for usergroup lead
shell profile, commands are maximum
Issue
In this case, when a user in lead group logsin to DC2>ND2 device it gets authenticated to first policy set. It does not comes to second policy set.
How can we authenticate and authorize it to second set.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2020 08:15 AM
If you say "device type equals all device types", this won't match a device that is located in "All device Type>DC2>ND2" because it's not an exact match. If you switch the logic to "contains" or "starts with", you will match any device nested under all device types.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2020 08:15 AM
If you say "device type equals all device types", this won't match a device that is located in "All device Type>DC2>ND2" because it's not an exact match. If you switch the logic to "contains" or "starts with", you will match any device nested under all device types.
