Filter
Top Products
aaa authorization role-only
Configure authentication to use the user’s role only when determining if access to commands is
permitted.
Syntax
aaa authorization role-only
To return to the default setting, use the no aaa authentication role-only
command.
Parameters
name Enter a text string for the name of the user up to 63
characters. It cannot be one of the system defined roles
(sysadmin, secadmin, netadmin, netoperator).
inherit existing-
role-name
Enter the inherit keyword then specify the system defined
role to inherit permissions from (sysadmin, secadmin,
netadmin, netoperator).
Defaults none
Command
Modes
CONFIGURATION
Command
History
Version
Version Description
9.7(0.0) Introduced on the S6000-ON.
9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, and
MXL.
Usage
Information
By default, access to commands are determined by the user’s role (if defined) or by
the user’s privilege level. If the aaa authorization role-only command is
enabled, then only the user’s role is used.
Before you enable role-based only AAA authorization:
1. Locally define a system administrator user role.This will give you access to
login with full permissions even if network connectivity to remote
authentication servers is not available.
2. Configure login authentication on the console. This ensures that all users are
properly identified through authentication no matter the access point
3. Specify an authentication method (RADIUS, TACACS+, or Local).
4. Specify authorization method (RADIUS, TACACS+ or Local).
5. Verify the configuration has been applied to the console or VTY line.
Related
Commands
login authentication, password, radius-server host, tacacs-server host
Security
1593