.. _example_system_cli_aaa_authorization_authorization:

#############
Authorization
#############


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

This scenario shows how to set up per-command authorization.

*****************************
Tacacs Method Privileged User
*****************************

Description
===========

A TACACS+ server configured to deny the ``show date``
command and allow everything else is added to a TACACS+ group, which
is added to an AAA list. This list is assigned to CLI's command
authorization. Whenever a user attempts to run a command, this is sent
to the server and is only executed when authorized to do so.

Scenario
========

.. include:: authorization/tacacsmethodprivilegeduser

.. raw:: html

  <hr>

*********************************
Tacacs Method Non-Privileged User
*********************************

Description
===========

In this case, the same scenario is tested but with a non-privileged user called ``testmonitor``.

Scenario
========

.. include:: authorization/tacacsmethodnon-privilegeduser

.. raw:: html

  <hr>