Cisco NAC Guest Server Installation and Configuration Guide, Release 1.0.0 - Configuring User Group Permissions [Cisco NAC Guest Server]

Table Of Contents

Configuring User Group Permissions

Adding User Groups

Editing User Groups

Deleting User Groups

Configuring User Group Permissions

User groups are the method by which to assign permissions to the sponsors. You can set role-based permissions for sponsors to allow or restrict access to different functions, such as creating accounts, modifying accounts, generating reports, and sending account details to guests by email or SMS.

Tip By default all users are assigned to the DEFAULT group. I f you only want to have a single classification of sponsors, you can edit the DEFAULT group.

This chapter describes the following:

•Adding User Groups

•Editing User Groups

•Deleting User Groups

Adding User Groups

You can create a new sponsor user group using the following steps.

Step 1 From the administration interface select Authentication > User Groups from the left hand menu (Figure 5-1).

Figure 5-1 User Groups

Step 2 Click the Add Group button to add a new user group.

Step 3 From the Add a New User Group page (Figure 5-2), enter the details for a new user group.

Figure 5-2 Create New User Group

Step 4 Group Name —Type the name of the group into which you want to place sponsor users.

Step 5 Active Directory Group—If you have configured AD authentication (as described in Configuring Active Directory (AD) Authentication, page 4-5), then the Guest Server retrieves a list of all the groups configured within all the AD servers configured. Selecting an Active Directory Group from the dropdown provides all sponsor users who are in this AD group the permissions of this group.

Note Overlapping AD groups are not supported in release1.0.0. Cisco recommends creating unique AD groups to map to the User Groups defined on the Cisco NAC Guest Server.

Step 6 Set Permissions for the new User Group as follows:

•Allow Login—Select Yes to allow sponsors in this group to access the Cisco NAC Guest Server. Select No otherwise.

•Create Account—Select Yes to allow sponsors to create guest accounts. Select No otherwise.

•Send Email—Select Yes to allow sponsors to send account details via email from the Guest Server to the guest user. Select No otherwise.

•Send SMS—Select Yes to allow sponsors to send account details via SMS from the Guest Server to the guest user. Select No otherwise.

•Edit Account—Choose one of the following permissions for editing the end date/time on guest accounts:

–No—Sponsors are not allowed to edit any accounts.

–Own Account—Sponsors are allowed to edit only the accounts they created.

–All Accounts—Sponsors are allowed to edit any guest accounts.

•Suspend Account—Choose one of the following options for suspending accounts:

–No—Sponsors are not allowed to suspend any accounts.

–Own Account—Sponsors are allowed to suspend only the accounts they created.

–All Accounts—Sponsors are allowed to suspend any guest accounts.

•Reporting (Active)—Choose one of the following permissions for viewing reporting details for active accounts

–No—Sponsors are not allowed to view reporting details on any accounts.

–Own Account—Sponsors are allowed to view reporting details for only the accounts they created.

–All Accounts—Sponsors are allowed to view reporting details on any active guest accounts.

•Reporting (Edit)—Choose one of the following permissions for running full reporting:

–No—Sponsors are not allowed to run full reporting on any accounts.

–Own Account—Sponsors are allowed to run full reporting for only the accounts they created.

–All Accounts—Sponsors are allowed to run full reporting on any active guest accounts.

Step 7 Click the Add Group button to add the group with the permissions specified.

Editing User Groups

The following steps describe how to edit sponsor user groups.

Step 1 From the administration interface select Authentication > User Groups from the left hand menu.

Step 2 Select the group you wish to edit and click the Edit Group button (Figure 5-3).

Figure 5-3 Select the User to Edit

Step 3 In the Edit an existing User Group page (Figure 5-4), change the settings for the group.

Figure 5-4 Edit User Group

•Active Directory Group—If you have configured AD authentication (as described in Configuring Active Directory (AD) Authentication, page 4-5), then the Guest Server retrieves a list of all the groups configured within all the AD servers configured. Selecting an Active Directory Group from the dropdown provides all sponsor users who are in this AD group the permissions of this group.

Note Overlapping AD groups are not supported in release1.0.0. Cisco recommends creating unique AD groups to map to the User Groups defined on the Cisco NAC Guest Server.

•Allow Login—Edit whether or not the sponsor is allowed to access the Cisco NAC Guest Server.

•Create Account—Edit whether or not the sponsor is allowed to create guest accounts.

•Send Email—Edit whether or not the sponsor is allowed to send account details via automated email to the guest user.

•Send SMS—Edit whether or not the sponsor is allowed to send account details via automated SMS to the guest user.

•Edit Account—Edit whether or not the sponsor is allowed to modify the end date/time for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No).

•Suspend Account—Edit whether or not the sponsor is allowed to suspend accounts they created (Own Account), any accounts (All Accounts) or no accounts (No).

•Active Accounts — Edit whether or not the sponsor can view the active accounts for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No).

•Full Reporting—Edit whether or not the sponsor can run full reporting for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No).

Step 4 When finished, click the Save Group button.

Deleting User Groups

Step 1 From the administration interface select Authentication > User Groups from the left hand menu.

Figure 5-5 List Groups to Delete

Step 2 Select the group you wish to delete and click the Delete Group button (Figure 5-5).

Step 3 Confirm deletion at the prompt.

Note If any Local Users are part of this group, you must delete the user before deleting the user group.

	Cisco NAC Guest Server Installation and Configuration Guide, Release 1.0.0
	Configuring User Group Permissions
Cisco NAC Guest Server Installation and Configuration Guide, Release 1.0.0 About This Guide Welcome to Cisco NAC Guest Server Installing Cisco NAC Guest Server System Setup Configuring Sponsor Authentication Configuring User Group Permissions Configuring Guest Login Policies Integrating with Cisco NAC Appliance Configuring RADIUS Clients Guest Account Notification Customizing the Application Logging and Troubleshooting Sponsor Documentation Open Source License Acknowledgements	Download this chapter Configuring User Group Permissions Download the complete book Book-length PDF (PDF - 3 MB) Table Of Contents Configuring User Group Permissions Adding User Groups Editing User Groups Deleting User Groups Configuring User Group Permissions User groups are the method by which to assign permissions to the sponsors. You can set role-based permissions for sponsors to allow or restrict access to different functions, such as creating accounts, modifying accounts, generating reports, and sending account details to guests by email or SMS. Tip By default all users are assigned to the DEFAULT group. I f you only want to have a single classification of sponsors, you can edit the DEFAULT group. This chapter describes the following: •Adding User Groups •Editing User Groups •Deleting User Groups Adding User Groups You can create a new sponsor user group using the following steps. Step 1 From the administration interface select Authentication > User Groups from the left hand menu (Figure 5-1). Figure 5-1 User Groups Step 2 Click the Add Group button to add a new user group. Step 3 From the Add a New User Group page (Figure 5-2), enter the details for a new user group. Figure 5-2 Create New User Group Step 4 Group Name —Type the name of the group into which you want to place sponsor users. Step 5 Active Directory Group—If you have configured AD authentication (as described in Configuring Active Directory (AD) Authentication, page 4-5), then the Guest Server retrieves a list of all the groups configured within all the AD servers configured. Selecting an Active Directory Group from the dropdown provides all sponsor users who are in this AD group the permissions of this group. Note Overlapping AD groups are not supported in release1.0.0. Cisco recommends creating unique AD groups to map to the User Groups defined on the Cisco NAC Guest Server. Step 6 Set Permissions for the new User Group as follows: •Allow Login—Select Yes to allow sponsors in this group to access the Cisco NAC Guest Server. Select No otherwise. •Create Account—Select Yes to allow sponsors to create guest accounts. Select No otherwise. •Send Email—Select Yes to allow sponsors to send account details via email from the Guest Server to the guest user. Select No otherwise. •Send SMS—Select Yes to allow sponsors to send account details via SMS from the Guest Server to the guest user. Select No otherwise. •Edit Account—Choose one of the following permissions for editing the end date/time on guest accounts: –No—Sponsors are not allowed to edit any accounts. –Own Account—Sponsors are allowed to edit only the accounts they created. –All Accounts—Sponsors are allowed to edit any guest accounts. •Suspend Account—Choose one of the following options for suspending accounts: –No—Sponsors are not allowed to suspend any accounts. –Own Account—Sponsors are allowed to suspend only the accounts they created. –All Accounts—Sponsors are allowed to suspend any guest accounts. •Reporting (Active)—Choose one of the following permissions for viewing reporting details for active accounts –No—Sponsors are not allowed to view reporting details on any accounts. –Own Account—Sponsors are allowed to view reporting details for only the accounts they created. –All Accounts—Sponsors are allowed to view reporting details on any active guest accounts. •Reporting (Edit)—Choose one of the following permissions for running full reporting: –No—Sponsors are not allowed to run full reporting on any accounts. –Own Account—Sponsors are allowed to run full reporting for only the accounts they created. –All Accounts—Sponsors are allowed to run full reporting on any active guest accounts. Step 7 Click the Add Group button to add the group with the permissions specified. Editing User Groups The following steps describe how to edit sponsor user groups. Step 1 From the administration interface select Authentication > User Groups from the left hand menu. Step 2 Select the group you wish to edit and click the Edit Group button (Figure 5-3). Figure 5-3 Select the User to Edit Step 3 In the Edit an existing User Group page (Figure 5-4), change the settings for the group. Figure 5-4 Edit User Group •Active Directory Group—If you have configured AD authentication (as described in Configuring Active Directory (AD) Authentication, page 4-5), then the Guest Server retrieves a list of all the groups configured within all the AD servers configured. Selecting an Active Directory Group from the dropdown provides all sponsor users who are in this AD group the permissions of this group. Note Overlapping AD groups are not supported in release1.0.0. Cisco recommends creating unique AD groups to map to the User Groups defined on the Cisco NAC Guest Server. •Allow Login—Edit whether or not the sponsor is allowed to access the Cisco NAC Guest Server. •Create Account—Edit whether or not the sponsor is allowed to create guest accounts. •Send Email—Edit whether or not the sponsor is allowed to send account details via automated email to the guest user. •Send SMS—Edit whether or not the sponsor is allowed to send account details via automated SMS to the guest user. •Edit Account—Edit whether or not the sponsor is allowed to modify the end date/time for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No). •Suspend Account—Edit whether or not the sponsor is allowed to suspend accounts they created (Own Account), any accounts (All Accounts) or no accounts (No). •Active Accounts — Edit whether or not the sponsor can view the active accounts for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No). •Full Reporting—Edit whether or not the sponsor can run full reporting for only accounts they created (Own Account), any accounts (All Accounts) or no accounts (No). Step 4 When finished, click the Save Group button. Deleting User Groups Step 1 From the administration interface select Authentication > User Groups from the left hand menu. Figure 5-5 List Groups to Delete Step 2 Select the group you wish to delete and click the Delete Group button (Figure 5-5). Step 3 Confirm deletion at the prompt. Note If any Local Users are part of this group, you must delete the user before deleting the user group.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.