TACACS+ authorization overview
Upon successful user authentication, the user is identified as having either an Administrator or Operator role.
At a minimum, TACACS+ authorization provides the following:
Administrators are given access to every command.
Operators are given access to only nonconfiguration commands (primarily
show
commands and only for nonsensitive information).
Optionally, TACACS+ authorization provides further filtering to allow/disallow individual command or command set execution. Each command is sent to the TACACS+ server for approval, and the switch then allows/disallows command execution according to the server response.
NOTE:
TACACS+ authorization applies only to the CLI interface.