Tacacs+ Authorization Example-Custom Administrative Profile - Dell M6220 User Configuration Manual

TACACS+ Authorization Example—Custom Administrative Profile
This example creates a custom profile that allows the user to control user
access to the switch by configuring a administrative profile that only allows
access to AAA related commands. Use the following commands to create the
administrative profile:
admin-profile aaa
rule 99 permit command "^show aaa .*"
rule 98 permit command "^show authentication .*"
rule 97 permit command "^show authorization .*"
rule 96 permit command "^show accounting .*"
rule 95 permit command "^show tacacs .*"
rule 94 permit command "^aaa .*"
rule 93 permit command "^line .*"
rule 92 permit command "^login .*"
rule 91 permit command "^authorization .*"
rule 90 permit command "^accounting .*"
rule 89 permit command "^configure .*"
rule 88 permit command "^password .*"
rule 87 permit command "^username .*"
rule 86 permit command "^show user.*"
rule 85 permit command "^radius-server .*"
rule 84 permit command "^tacacs-server .*"
rule 83 permit mode radius-auth-config
rule 82 permit mode radius-acct-config
rule 81 permit mode tacacs-config
exit
The following describes each line in the above configuration:
• The admin-profile aaa command will create an administrative
profile call aaa and place the user in admin-profile-config mode.
• Each rule number permit command regex command allows any
command that matches the regular expression.
• Each rule number permit mode mode-name command allows
all commands in the named mode.
• The command rules use regular expressions as implemented by Henry
Spencer's regex library (the POSIX 1003.2 compliant version). In the
regular expressions used in this example, the caret (^) matches the null
Configuring Authentication, Authorization, and Accounting
193