Time Based Authorization/Authentication on devices :: ACS 5.4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2013 05:58 AM - edited 03-10-2019 08:48 PM
Hi,
Do we have any option where we can allow config access to a particular external/internal user for certain time period. Time based device access.
We've External Identity Store in our environment where user got authenticated via LDAP server.
For Example - There is a user 'X'. I want to grant him config access on devices from 8:00 AM to 11:00 PM daily. After that he should only has Read Only access on the devices.
Please let me know if any other information is required from my side.
My ACS Ver is 5.4
Regards,
SYED
- Labels:
-
AAA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2013 07:10 AM
Hi,
Yes. You need to create a date and time policy condition.
Policy Elements -> Session Conditions -> Date and Time.
You can specify the time there and then you can use the one you created in the authorization policy.
For example, you configure the date time condition to be from 8000 - 2300.
Then you go to the authorization policy and configure if it matches the date time instance then return a authorization profile (read write). otherwise (if not matching) return the authorization profile (read only).
(use shell profile instead if you are using TACACS+).
Rating useful replies is more useful than saying "Thank you"
