Cisco Cisco Packet Data Gateway (PDG) Merkblatt
TACACS+ Configuration Mode Commands
authorization ▀
Cisco ASR 5x00 Command Line Interface Reference ▄
8377
authorization
Enables the authorization of TACACS+ CLI users on a command-by-command, command + command argument, or
command prompt basis. If the user is not authorized to execute the command, the command will fail.
command prompt basis. If the user is not authorized to execute the command, the command will fail.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > TACACS+ Configuration
configure > tacacs mode
Entering the above command sequence results in the following prompt:
[local]host_name(config-tacacs)#
Syntax
[ no ] authorization { command | prompt | arguments }
no
Disables a configured TACACS+ authorization
command
,
prompt
, or
arguments
setting.
{ command | prompt | arguments }
Specifies the type of authorization behavior to enforce:
command
: Enables per-command authorization. The TACACS+ server is contacted for each command
and each command is authorized for the user. If the user is not authorized to execute the command,
then the command fails. If the user is authorized for the command, the command is executed.
then the command fails. If the user is authorized for the command, the command is executed.
prompt
: Enables per-command authorization, as described for the
command
option above. However,
since commands may be duplicated in different CLI modes, this version of the command
authorization also passes the command prompt string to the server. The TACACS+ server is
contacted for each prompt and command and must have a matching string for the prompt/command
combination. Enabling
authorization also passes the command prompt string to the server. The TACACS+ server is
contacted for each prompt and command and must have a matching string for the prompt/command
combination. Enabling
prompt
authorization supersedes
command
authorization, since the prompt
and command must be authorized together.
arguments
: Enables per-command and command + argument authorization. The TACACS+ server
authorizes each command and its arguments for the user. If the user is not authorized to execute the
command and the corresponding arguments, the command fails. If the command does not contain
any arguments, then the command only is passed to the authorization server.
command and the corresponding arguments, the command fails. If the command does not contain
any arguments, then the command only is passed to the authorization server.
Usage
Use this command to configure the authorization method for TACACS+-based CLI sessions.
Example
The following command requires per-command TACACS+ authorization:
authorization command