Concept Guide
aaa authorization commands
Set parameters that restrict (or permit) a user’s access to EXEC and CONFIGURATION level commands.
Syntax
aaa authorization commands {level | role role-name}{name | default} {local |
tacacs+ | none}
Undo a conguration with the no aaa authorization commands {level | role role-name}
{name | default} {local | tacacs+ | none} command.
Parameters
commands level Enter the keyword commands then the command privilege level for command level
authorization.
role role-name Enter the keyword role then the role name. role method is supported only on Full-
Switch mode.
name Dene a name for the list of authorization methods.
default Dene the default list of authorization methods.
local Use the authorization parameters on the system to perform authorization.
tacacs+ Use the TACACS+ protocol to perform authorization.
none Enter the keyword none to apply no authorization.
Defaults none
Command Modes CONFIGURATION
Supported Modes All Modes.
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.5(0.0) Introduced the support for roles on the MXL 10/40GbE Switch .
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
aaa authorization role-only
Congure authentication to use the user’s role only when determining if access to commands is permitted.
Syntax
aaa authorization role-only
To return to the default setting, use the no aaa authentication role-only command.
Parameters
name
Enter a text string for the name of the user up to 63 characters. It cannot be one of the
system dened roles (sysadmin, secadmin, netadmin, netoperator).
inherit existing-role-
name
Enter the inherit keyword then specify the system dened role to inherit permissions
from (sysadmin, secadmin, netadmin, netoperator).
Defaults none
Security 1151