AAA local groups define authorization attributes that can grant additional capabilities to users. There are currently two attributes of the group element:
- administrator: True to allow the user to administer the gateway
- jailbreak-permitted: True for the gateway to accept communication from a jailbroken device
- tampered-apps-permitted: True for the gateway to accept communication from apps where post-integration tampering has been detected.
To set an AAA group as an admin group:
% set aaa auth-provider local group finance administrator true
|group finance||Name of the group|
|administrator true||This group can perform administrative actions|
To set the group to allow a user to log in from a jailbroken device:
% set aaa auth-provider local group finance jailbreak-permitted true
|jailbreak-permitted true||Enable this group of users to log in from a jailbroken device.|
|tampered-apps-permitted true||Enable this group of users to log in from apps where post-integration tampering has been detected.|
Note: Group references are not currently validated. If group does not refer to a valid entry in the group database, the user is considered to be part of the default group.