Device Authorization - Configuration Template

Configuration Template for Authorization Profile.

This feature will be used to define set of commands that can be executed/denied execution by a specific user/user group on InfraonSecuRA. Administrators can also restrict/permit command execution authorization based on device models.

Notes for Authorization Profile Template:

There are five types of command input options that can be defined in an Authorization Profile. They are:

  • Terminate Commands - Command (sets) that are denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon SecuRA terminates the CLI Session immediately.
  • Block Commands - Command (sets) that are denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon SecuRA blocks these commands from being executed. The CLI session is not terminated here.
  • Notify Commands - When a user tries these set(s) of commands,Infraon SecuRA executes the same and triggers a notification about the action. If this option is selected, Notifier (Notification Alert) must be selected using the dropdown menu.
  • Permit Commands – Command (sets) that are permitted for execution by the User/User Group. Commands that are not added in the ‘Permit’ section will be blocked at the time of execution.
  • System Commands – used to ignore inputs like password and other User credential input. For example: When a user tries to execute a Command, that requires authentication by the system, the user is prompted by the system to provide additional information. In this case, system prompt must be added in the ‘Ignore’ section. If not, system runs the command through the Permit command list and may end up blocking the command/command set.
Infraon SecuRA accepts command input in regex pattern only.

There are two ways to input commands:

  • Adding commands in the respective text boxes.
  • Importing saved commands from a file. To import commands, click on the respective button - Terminate/Block/Notify/Permit/System.