TACACS+ authorization overview

Upon successful user authentication, the user is identified as having an Administrator, Operator, or Auditor role.

At a minimum, TACACS+ authorization provides the following:

  • Administrators are given access to every command.

  • Operators are given access to only nonconfiguration commands (primarily show commands and only for nonsensitive information).

  • Auditors are given access to a select few commands of interest to those doing auditing.

Optionally, TACACS+ authorization provides further filtering to allow or disallow execution of individual commands or command sets. Each command is sent to the TACACS+ server for approval, and the switch then allows or disallows command execution according to the server's response.
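
The two-stage decision described above, modeled as an added example (not code from the switch or from any TACACS+ server). The role command patterns, the rule format, and the function names are constructed for illustration; the model assumes server filtering can only narrow a role's baseline, and uses the `service`/`cmd`/`cmd-arg` arguments and reply status codes defined in RFC 8907.

```python
import re

# Authorization reply status codes from RFC 8907.
PASS_ADD, FAIL = 0x01, 0x10

# Constructed role baselines (assumption): real switches define these internally.
ROLE_BASELINE = {
    "administrator": [r".*"],
    "operator": [r"show (interface|vlan|version)\b.*"],
    "auditor": [r"show (accounting|events)\b.*"],
}

def author_args(command):
    """Split a CLI line into RFC 8907 authorization arguments."""
    name, *rest = command.split()
    return ["service=shell", f"cmd={name}"] + [f"cmd-arg={a}" for a in rest]

def server_decide(rules, args):
    """Hypothetical server policy: first matching rule wins, default deny."""
    cmd = " ".join(a.split("=", 1)[1] for a in args
                   if a.startswith(("cmd=", "cmd-arg=")))
    for action, pattern in rules:
        if re.fullmatch(pattern, cmd):
            return PASS_ADD if action == "permit" else FAIL
    return FAIL

def switch_allows(role, command, rules=None):
    """Apply the role baseline, then (if filtering is enabled) ask the server."""
    command = " ".join(command.split())  # normalize whitespace
    if not command:
        return False
    if not any(re.fullmatch(p, command) for p in ROLE_BASELINE[role]):
        return False
    if rules is None:  # per-command filtering not configured
        return True
    return server_decide(rules, author_args(command)) == PASS_ADD

if __name__ == "__main__":
    # Constructed server rule set: hide the running config, allow other shows.
    rules = [("deny", r"show running-config.*"), ("permit", r"show .*")]
    for role, cmd in [("administrator", "show running-config"),
                      ("administrator", "show version"),
                      ("operator", "configure terminal")]:
        print(role, repr(cmd), "->", switch_allows(role, cmd, rules))
```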

NOTE:

TACACS+ authorization applies only to the CLI.