[c-nsp] AAA Command Authorization

[John Neiberger]

I have a need for a non-privileged user to be able to see an entire
running config on a device. I can't use IOS privilege levels to do this
because of the way IOS behaves. I can't just grant a user the ability to
do "show run" because IOS won't display any command in the config that
the user doesn't have access to.

Now I wonder if the same applies to AAA command authorization via
TACACS+. If I grant a user access to "show run" via AAA command
authorization, will the IOS display the entire config or will it run a
command authorization check on every line in the config?

Thanks
John
--