Skip to content

Authorization Exception Rule

Location in GUI: Work Centers » Device Administration » Device Admin Policy Sets » XXX » Authorization Policy - Local Exceptions

Diagram
NameTypeConstraintMandatoryDefault Value
authorization_exception_rulesList[authorization_exception_rules]No

authorization_exception_rules (ise.device_administration.policy_sets)

Section titled “authorization_exception_rules (ise.device_administration.policy_sets)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[\w\d_\-\. ]+$Yes
stateChoiceenabled, disabled, monitorNoenabled
conditionClass[condition]No
profileStringNo
command_setsListStringNo

condition (ise.device_administration.policy_sets.authorization_exception_rules)

Section titled “condition (ise.device_administration.policy_sets.authorization_exception_rules)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNofalse
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.device_administration.policy_sets.authorization_exception_rules.condition)

Section titled “children (ise.device_administration.policy_sets.authorization_exception_rules.condition)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.device_administration.policy_sets.authorization_exception_rules.condition.children)

Section titled “children (ise.device_administration.policy_sets.authorization_exception_rules.condition.children)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributesYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo

ise:
device_administration:
policy_sets:
- name: Global Policy
authorization_exception_rules:
- name: User3
default: false
state: enabled
condition:
type: ConditionAttributes
is_negate: false
dictionary_name: TACACS
attribute_name: User
operator: equals
attribute_value: User3
profile: Default Shell Profile
command_sets:
- DenyAllCommands