aaa authorization group
Syntax
[no] aaa authorization group <GROUPNAME> <SEQ-NUM>
match-command {command | feature | policy} {deny | permit} [log]
Description
Assigns rules to existing roles. Rules can be permitted or denied for a specified user.
Parameters
GROUPNAME
The name of the role.
SEQ-NUM
When more than one rule matches the command entered, the rule with the lowest sequence number gets precedence over the other rules.
command
Indicates that the rule requires context level information to validate the command string following this parameter.
feature
r
: The read feature displays the configuration and maintenance information. For example, thedisplay
andshow
commands.w
: The write feature configures the feature in the system. For example, the ACL and the OSPF configuration commands.x
: The execute feature executes specific functions. For example, theping
and thecopy
commands.
There are 40 predefined features. Multiple features can be configured for a single role. When a feature is added to a role, the command rule entries are included automatically for all the commands for that feature.
policy
Indicates that it is a resource policy rule. There are two resource policies: VLAN and interface.
deny
The specified match-command is denied for the specified group.
permit
The specified match-command is permitted for the specified group.
log
Generates a log message in the show logging output for the rule that is permitted or denied.