Configuring an AAA local group
AAA local groups define authorization attributes that can grant additional capabilities to users. There are currently two attributes of the group element:
- administrator: True to allow the user to administer the gateway
- jailbreak-permitted: True for the gateway to accept communication from a jailbroken device
- tampered-apps-permitted: True for the gateway to accept communication from apps where post-integration tampering has been detected.
To set an AAA group as an admin group:
% set aaa auth-provider local group finance administrator true
BASH
| Option (example) | Description |
|---|---|
| group finance | Name of the group |
| administrator true | This group can perform administrative actions |
To set the group to allow a user to log in from a jailbroken device:
% set aaa auth-provider local group finance jailbreak-permitted true
BASH
| Option | Description |
|---|---|
| jailbreak-permitted true | Enable this group of users to log in from a jailbroken device. |
| tampered-apps-permitted true | Enable this group of users to log in from apps where post-integration tampering has been detected. |
Note: Group references are not currently validated. If group does not refer to a valid entry in the group database, the user is considered to be part of the default group.