Skip to content

Authorization Global Exception Rule

Location in GUI: Work Centers » Device Administration » Device Admin Policy Sets » XXX » Authorization Policy - Global Exceptions

Diagram
NameTypeConstraintMandatoryDefault Value
authorization_global_exception_rulesList[authorization_global_exception_rules]No

authorization_global_exception_rules (ise.device_administration)

Section titled “authorization_global_exception_rules (ise.device_administration)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[\w\d_\-\. ]+$Yes
stateChoiceenabled, disabled, monitorNoenabled
conditionClass[condition]No
profileStringNo
command_setsListStringNo

condition (ise.device_administration.authorization_global_exception_rules)

Section titled “condition (ise.device_administration.authorization_global_exception_rules)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNofalse
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.device_administration.authorization_global_exception_rules.condition)

Section titled “children (ise.device_administration.authorization_global_exception_rules.condition)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributes, ConditionAndBlock, ConditionOrBlockYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo
childrenList[children]No

children (ise.device_administration.authorization_global_exception_rules.condition.children)

Section titled “children (ise.device_administration.authorization_global_exception_rules.condition.children)”
NameTypeConstraintMandatoryDefault Value
typeChoiceConditionReference, ConditionAttributesYes
is_negateBooleantrue, falseNo
dictionary_nameStringNo
attribute_nameStringNo
operatorChoicecontains, endsWith, equals, greaterOrEquals, greaterThan, in, ipEquals, ipGreaterThan, ipLessThan, ipNotEquals, lessOrEquals, lessThan, matches, notContains, notEndsWith, notEquals, notIn, notStartsWith, startsWith, macContains, macEndsWith, macEquals, macIn, macNotContains, macNotEndsWith, macNotEquals, macNotIn, macNotStartsWith, macStartsWithNo
attribute_valueStringNo
nameStringNo

ise:
device_administration:
authorization_global_exception_rules:
- name: User2
default: false
state: enabled
condition:
type: ConditionAttributes
is_negate: false
dictionary_name: TACACS
attribute_name: User
operator: equals
attribute_value: User2
command_sets:
- DenyAllCommands