Cisco Cisco Packet Data Gateway (PDG)
TACACS+ Configuration Mode Commands
authorization ▀
Command Line Interface Reference, StarOS Release 18 ▄
8967
authorization
Enables the authorization of TACACS+ CLI users on a command-by-command, command + command argument, or
command prompt basis. If the user is not authorized to execute the command, the command will fail.
command prompt basis. If the user is not authorized to execute the command, the command will fail.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > TACACS+ Configuration
configure > tacacs mode
Entering the above command sequence results in the following prompt:
[local]host_name(config-tacacs)#
Syntax
[ no ] authorization { arguments | command | prompt }
no
Disables a specified TACACS+ authorization type.
arguments
Enables per-command and command + argument authorization. The TACACS+ server authorizes each
command and its arguments for the user. If the user is not authorized to execute the command and the
corresponding arguments, the command fails. If the command does not contain any arguments, then the
command only is passed to the authorization server.
command and its arguments for the user. If the user is not authorized to execute the command and the
corresponding arguments, the command fails. If the command does not contain any arguments, then the
command only is passed to the authorization server.
command
Enables per-command authorization. The TACACS+ server is contacted for each command and each
command is authorized for the user. If the user is not authorized to execute the command, then the command
fails. If the user is authorized for the command, the command is executed.
command is authorized for the user. If the user is not authorized to execute the command, then the command
fails. If the user is authorized for the command, the command is executed.
prompt
Enables per-command authorization, as described for the
command
option above. However, since commands
may be duplicated in different CLI modes, this version of the command authorization also passes the
command prompt string to the server. The TACACS+ server is contacted for each prompt and command and
must have a matching string for the prompt/command combination. Enabling
command prompt string to the server. The TACACS+ server is contacted for each prompt and command and
must have a matching string for the prompt/command combination. Enabling
prompt
authorization
supersedes
command
authorization, since the prompt and command must be authorized together.
Usage
Use this command to configure the authorization method for TACACS+-based CLI sessions.
Example
The following command requires per-command TACACS+ authorization: