AAA local groups define authorization attributes that can grant additional capabilities to users. There are currently two attributes of the group element:

  • administrator: True to allow the user to administer the gateway
  • jailbreak-permitted: True for the gateway to accept communication from a jailbroken device
  • tampered-apps-permitted: True for the gateway to accept communication from apps where post-integration tampering has been detected.

To set an AAA group as an admin group:

% set aaa auth-provider local group finance administrator true 
BASH


Option (example)Description
group financeName of the group
administrator trueThis group can perform administrative actions

To set the group to allow a user to log in from a jailbroken device:

% set aaa auth-provider local group finance jailbreak-permitted true
BASH


OptionDescription
jailbreak-permitted trueEnable this group of users to log in from a jailbroken device.
tampered-apps-permitted trueEnable this group of users to log in from apps where post-integration tampering has been detected.

Note: Group references are not currently validated. If group does not refer to a valid entry in the group database, the user is considered to be part of the default group.