aaa authorization
Required Command-Line Mode = Configure
Use the aaa authorization command to specify how externally logged-in users should be granted privileges on the GigaVUE-OS node. You can map all external logins to a specific local account, use matching accounts in the local database, or reject external logins unless they have a matching account in the local database.
The aaa authorization command has the following syntax:
aaa authorization
map
default-user <<user> | admin | monitor | operator>
order <<policy> | remote-only | remote-first | local-only>
roles
role <role name | Default> [description]
The following table describes the arguments for the aaa authorization command:
|
Argument |
Description |
|||||||||||||||||||||||||||
|
map default-user <<user> | admin | monitor | operator> |
Specifies the account to which externally authenticated logins are mapped when map order is set to remote-first (if there is no matching local account) or local-only. |
|||||||||||||||||||||||||||
|
map order <<policy> | remote-only | remote-first | local-only> |
Specifies how externally authenticated logins (RADIUS, TACACS+, or LDAP) are mapped to local accounts, as follows:
This is the default.
|
|||||||||||||||||||||||||||
|
role <role name | Default> [description] |
Configures a role by name or Default and optionally adds a role description. |
Related Commands
The following table summarizes other commands related to the aaa authorization command:
|
Task |
Command |
|
Displays general AAA settings. |
# show aaa |
|
Clears authorization user mapping default user settings. |
(config) # no aaa authorization map default-user |
|
Clears authorization user mapping order settings. |
(config) # no aaa authorization map order |
|
Deletes a role definition. |
(config) # no aaa authorization roles role Default |
|
Deletes a description from a role. |
(config) # no aaa authorization roles role Default description |
Document INFORMATION 
