If you specify the group method or local method and it fails, then the authorization can fail. If you have not
configured a fallback method after the TACACS+ server group method, authorization fails if all server groups
fail to respond.
Command authorization disables user role based authorization control (RBAC), including the default
roles.
Caution
Command authorization is available only to non-console sessions. If you use a console to login to the
server, command authorization is disabled.
Note
By default, context sensitive help and command tab completion show only the commands supported for
a user as defined by the assigned roles. When you enable command authorization, the Cisco NX-OS
software displays all commands in the context sensitive help and in tab completion, regardless of the role
assigned to the user.
Note
This command does not require a license.
Examples
This example shows how to configure the default AAA authorization methods for EXEC commands:
switch# configure terminal
switch(config)# aaa authorization commands default group TacGroup local
Per command authorization will disable RBAC for all users. Proceed (y/n)?
If you press Enter at the confirmation prompt, the default response is n.Note
This example shows how to revert to the default AAA authorization methods for EXEC commands:
switch# configure terminal
switch(config)# no aaa authorization commands default group TacGroup local
Related Commands
DescriptionCommand
Configures default AAA authorization methods for
configuration commands.
aaa authorization config-commands default
Enables the TACACS+ feature.feature tacacs+
Displays the AAA authorization configuration.show aaa authorization
Enables the command authorization verification.terminal verify-only
Tests the command authorization using the AAA
command authorization methods.
test aaa authorization command-type
Cisco Nexus 7000 Series Security Command Reference
38
A Commands
aaa authorization commands default
To Next Page
Loading...
