TACACS+ authorization overview

Upon successful user authentication, the user is identified as having either an Administrator or Operator role.

At a minimum, TACACS+ authorization provides the following:

• Administrators are given access to every command.

• Operators are given access to only nonconfiguration commands (primarily show commands and only for nonsensitive information).

Optionally, TACACS+ authorization provides further filtering to allow/disallow individual command or command set execution. Each command is sent to the TACACS+ server for approval, and the switch then allows/disallows command execution according to the server response.