You must send correct commands for authorization or else the results may not be reliable.
Note
The test command uses the default (non-console) method for authorization, not the console method.
Note
Before you begin
Enable TACACS+.
Ensure that you have configured command authorization for the TACACS+ servers.
SUMMARY STEPS
1. test aaa authorization command-type {commands | config-commands} user username command
command-string
DETAILED STEPS
PurposeCommand or Action
Tests a user's authorization for a command on the
TACACS+ servers.
test aaa authorization command-type {commands |
config-commands} user username command
command-string
Step 1
The commands keyword specifies only EXEC commands
and the config-commands keyword specifies only
configuration commands.
Example:
switch# test aaa authorization command-type
commands
user TestUser command reload
Put double quotes (") before and after the
command-string argument if it contains spaces.
Note
Related Topics
Enabling TACACS+ , on page 73
Configuring Command Authorization on TACACS+ Servers, on page 90
Configuring User Accounts and RBAC
Enabling and Disabling Command Authorization Verification
You can enable and disable command authorization verificaiton on the command-line interface (CLI) for the
default user session or for another username.
The commands do no execute when you enable authorization verification.
Note
SUMMARY STEPS
1. terminal verify-only [username username]
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
93
Configuring TACACS+
Enabling and Disabling Command Authorization Verification
To Next Page
Loading...
