Local authorization overview

Authorization controls authenticated users command execution and switch interaction privileges. Local authorization uses role-based access control (RBAC) to provide role-based privilege levels plus optional user-defined local user groups with command execution rules. Authorization occurs only after successful authentication.
  • Administrators have full command execution and switch interaction privilege.

  • Operators are limited to the use of several nonsensitive show commands.

  • Auditors are limited to a few auditing-related commands.

Optional per-command authorization is available through configuration of user-defined local user groups with command authorization rules applied to respective group members. see User-defined user groups .