Authorization Exception Rule
Location in GUI: Work Centers » Device Administration » Device Admin Policy Sets » XXX » Authorization Policy - Local Exceptions
Diagram
Section titled “Diagram”Classes
Section titled “Classes”policy_sets (ise.device_administration)
Section titled “policy_sets (ise.device_administration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authorization_exception_rules | List | [authorization_exception_rules] | No |
authorization_exception_rules (ise.device_administration.policy_sets)
Section titled “authorization_exception_rules (ise.device_administration.policy_sets)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\. ]+$ | Yes | |
| state | Choice | enabled, disabled, monitor | No | enabled |
| condition | Class | [condition] | No | |
| profile | String | No | ||
| command_sets | List | String | No |
condition (ise.device_administration.policy_sets.authorization_exception_rules)
Section titled “condition (ise.device_administration.policy_sets.authorization_exception_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | false |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.device_administration.policy_sets.authorization_exception_rules.condition)
Section titled “children (ise.device_administration.policy_sets.authorization_exception_rules.condition)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlock | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No | ||
| children | List | [children] | No |
children (ise.device_administration.policy_sets.authorization_exception_rules.condition.children)
Section titled “children (ise.device_administration.policy_sets.authorization_exception_rules.condition.children)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | ConditionReference, ConditionAttributes | Yes | |
| is_negate | Boolean | true, false | No | |
| dictionary_name | String | No | ||
| attribute_name | String | No | ||
| operator | Choice | contains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWith | No | |
| attribute_value | String | No | ||
| name | String | No |
Examples
Section titled “Examples”ise: device_administration: policy_sets: - name: Global Policy authorization_exception_rules: - name: User3 default: false state: enabled condition: type: ConditionAttributes is_negate: false dictionary_name: TACACS attribute_name: User operator: equals attribute_value: User3 profile: Default Shell Profile command_sets: - DenyAllCommands