“Command” authorization is distinct from “task-based” authorization, which is based on
the task profile established during authentication.
Note
•
EXEC authorization—Applies authorization for starting an EXEC session.
The exec keyword is no longer used to authorize the fault manager service. The
eventmanager keyword (fault manager) is used to authorize the fault manager service.
The exec keyword is used for EXEC authorization.
Note
•
Network authorization—Applies authorization for network services, such as IKE.
•
Event manager authorization—Applies an authorization method for authorizing an event manager
(fault manager). RADIUS servers are not allowed to be configured for the event manager (fault manager)
authorization. You are allowed to use TACACS+ or locald.
The eventmanager keyword (fault manager) replaces the exec keyword to authorize
event managers (fault managers).
Note
When you create a named method list, you are defining a particular list of authorization methods for the
indicated authorization type. When defined, method lists must be applied to specific lines or interfaces before
any of the defined methods are performed.
Task ID
OperationsTask ID
read, writeaaa
Examples
The following example shows how to define the network authorization method list named listname1, which
specifies that TACACS+ authorization is used:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# aaa authorization commands listname1 group tacacs+
Related Commands
DescriptionCommand
Creates a method list for accounting.aaa accounting, on page 4
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
18 OL-24740-01
Authentication, Authorization, and Accounting Commands
aaa authorization
To Next Page
Loading...
Need help?
General
