aaa authorization
To create a method list for authorization, use the aaa authorization command. To disable authorization for
a function, use the no form of this command.
aaa authorization {commands| eventmanager| exec| network | subscriber} {default| list-name} {none|
local| group {tacacs+| radius| group-name}}
no aaa authorization {commands| eventmanager| exec| network | subscriber} {default| list-name}
Syntax Description
Configures authorization for all EXEC shell commands.commands
Applies an authorization method for authorizing an event manager (fault
manager).
eventmanager
Configures authorization for an interactive ( EXEC) session.exec
Configures authorization for network services, such as PPP or Internet Key
Exchange (IKE).
network
Sets the authorization lists for the subscriber.subscriber
Uses the listed authorization methods that follow this keyword as the default
list of methods for authorization.
default
Character string used to name the list of authorization methods.
list-name
Uses no authorization. If you specify none, no subsequent authorization methods
is attempted. However, the task ID authorization is always required and cannot
be disabled.
none
Uses local authorization. This method of authorization is not available for
command authorization.
local
Uses the list of all configured TACACS+ servers for authorization.group tacacs+
Uses the list of all configured RADIUS servers for authorization. This method
of authorization is not available for command authorization.
group radius
Uses a named subset of TACACS+ or RADIUS servers for authorization as
defined by the aaa group server tacacs+ or aaa group server radius command.
group group-name
Command Default
Authorization is disabled for all actions (equivalent to the method none keyword).
Command Modes
Global configuration
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
16 OL-24740-01
Authentication, Authorization, and Accounting Commands
aaa authorization
To Next Page
Loading...
Need help?
General
