Cisco Support Community

Authorization

Description

Authorization is the concept of allowing access to resources only to those permitted to use them.

Basic concept: "based off who you are - what are you allowed to do"

Once upon a time, AAA command authorization in Cisco IOS queried the TACACS+ server for every single command a user entered. The rules have changed drastically since then (at least for IOS release 12.4):

  • Non-privileged show commands are executed without TACACS+ authorization. Privileged show commands (show running or show archive log config) are still authorized.
  • Some commands that can be executed in non-privileged (aka disable) mode (enable, disable, help, logout) are authorized only if you configure aaa authorization commands 0 methods, regardless of the current privilege level.
  • Other commands (for example, ping) are authorized based on the current privilege level.
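
The rules above map onto a device configuration like the following. This is an added example, not part of the original page; the server address (192.0.2.10), the key, the local username and the secret are placeholders, and the method list "group tacacs+ local" is one common choice, not the only valid one.

```ios
! Enable the AAA subsystem.
aaa new-model
!
! TACACS+ server definition (IOS 12.4-style syntax).
! Address and key are placeholders.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY-PLACEHOLDER>
!
! Local account so the "local" fallback still works
! when the TACACS+ server is unreachable.
username admin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
!
! Authentication supplies the identity that authorization acts on.
aaa authentication login default group tacacs+ local
!
! Level 0: without this line, enable, disable, help and logout
! are never sent to the TACACS+ server, whatever the user's
! current privilege level.
aaa authorization commands 0 default group tacacs+ local
!
! Level 1: commands such as ping issued from user EXEC mode.
aaa authorization commands 1 default group tacacs+ local
!
! Level 15: privileged commands, including privileged show
! commands such as show running-config and show archive log config.
aaa authorization commands 15 default group tacacs+ local
```

Each aaa authorization commands line covers one privilege level only, so a level left unconfigured is not checked against the TACACS+ server.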

Complete Definition

Authorization: access control of resources utilizing your identity (from Authentication) and a set of groups/rules about what you are permitted (or denied) to do.

Wikipedia Definition Authorization


Version history: revision 1 of 1, last update 06-09-2009 04:58 AM