Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Authorization is the concept of allowing access to resources only to those permitted to use them
Basic concept: "based off who you are - what are you allowed to do"
Once upon a time, AAA command authorization in Cisco IOS queried the TACACS+ server for every single command a user entered. Rules have changed drastically in the meantime (at least for IOS release 12.4):
Non-privileged show commands are executed without TACACS+ authorization. Privileged show commands (show running or show archive log config) are still authorized.
Some commands that can be executed in non-privileged (aka disable) mode (enable, disable, help, logout) are authorized only if you configure aaa authorization commands 0 methods regardless of the current privilege level.
Other commands (for example, ping) are authorized based on the current privilege level.
Authorization: access control of resources utilizing your identity (from Authentication) and a set of groups/rule about what you are permitted (or denied) to do.