When exec authorization is configured for a line mode, the user may not be required to use the enable command to enter Privileged EXEC mode. If the authorization response indicates that the user has sufficient privilege levels for Privileged EXEC mode, then the user bypasses User EXEC mode entirely.
The exec authorization usage scenario is this:
- Configure Authorization Method List aaa authorization exec listname method1 [method2...]
- Apply AML to an Access Line Mode (console, telnet, SSH) authorization exec listname
- When the user logs in, in addition to authentication, authorization will be performed to determine if the user is allowed direct access to Privileged EXEC mode.
| Format | aaa authorization {commands|exec} {default|list-name} method1[method2] |
| Mode | Global Config |
| Parameter | Description |
|---|---|
| commands | Provides authorization for all user-executed commands. |
| exec | Provides exec authorization. |
| default | The default list of methods for authorization services. |
| list-name | Alphanumeric character string used to name the list of authorization methods. |
| method | TACACS+/RADIUS/Local and none are supported. |
Example: The following shows an example of the command.
(Routing) #configure (Routing) (Config)#aaa authorization exec default tacacs+ none (Routing) (Config)#aaa authorization commands default tacacs+ none
