Dell PowerEdge FN I/O Module Command Line Reference Guide 9.10(0.0)

PDF

aaa authorization role-only

Configure authentication to use the user’s role only when determining if access to commands is permitted.

Syntax

aaa authorization role-only

To return to the default setting, use the no aaa authentication role-only command.

Parameters

name	Enter a text string for the name of the user up to 63 characters. It cannot be one of the system defined roles (sysadmin, secadmin, netadmin, netoperator).
inherit existing-role-name	Enter the `inherit` keyword then specify the system defined role to inherit permissions from (sysadmin, secadmin, netadmin, netoperator).

Defaults

none

Command Modes

CONFIGURATION

Supported Modes

Full–Switch

Command History

Version	Description
9.9(0.0)	Introduced on the FN IOM.
9.7(0.0)	Introduced on the S6000-ON.
9.5(0.0)	Introduced on the Z9000, S6000, S4820T, S4810, and MXL.

Usage Information

By default, access to commands are determined by the user’s role (if defined) or by the user’s privilege level. If the aaa authorization role-only command is enabled, then only the user’s role is used.

Before you enable role-based only AAA authorization:

Locally define a system administrator user role.This will give you access to login with full permissions even if network connectivity to remote authentication servers is not available.
Configure login authentication on the console. This ensures that all users are properly identified through authentication no matter the access point
Specify an authentication method (RADIUS, TACACS+, or Local).
Specify authorization method (RADIUS, TACACS+ or Local).
Verify the configuration has been applied to the console or VTY line.

Related Commands

login authentication, password, radius-server host, tacacs-server host