.. _example_system_cli_aaa_authorization_authorization:

#############
Authorization
#############


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

This scenario shows how to set up per-command authorization.

*****************************
Tacacs Method Privileged User
*****************************

Description
===========

A TACACS+ server configured to deny the ``show date``
command and allow everything else is added to a TACACS+ group which
is added to an AAA list. This list is assigned to the CLI's command
authorization. Whenever a user attempts to run a command, it is sent
to the server and it is only executed if it is authorized to do so.

Scenario
========

.. include:: authorization/tacacsmethodprivilegeduser

.. raw:: html

  <hr>

*********************************
Tacacs Method Non-Privileged User
*********************************

Description
===========

In this case, the same scenario is tested but with a non
privileged user called ``testmonitor``.

Scenario
========

.. include:: authorization/tacacsmethodnon-privilegeduser

.. raw:: html

  <hr>