Most router control,
configuration, or monitoring operation (CLI, Netconf, Restconf, XML API) is
associated with a particular set of task IDs. Typically, a given CLI command or
API invocation is associated with at least one or more task IDs. Neither the config nor the
require any specific task id permissions. The configuration and commit
operations do not require specific task ID permissions. Aliases also don't
require any task ID permissions. You cannnot perform a configuration replace
unless root-lr permissions are assigned. If you want to deny getting into
configuration mode you can use the TACACS+ command authorization to deny the
config command. These associations are hard-coded within the router and may not
be modified. Task IDs grant permission to perform certain tasks; task IDs do
not deny permission to perform tasks. Task ID operations can be one, all, or a
combination of classes that are listed in this table.
Restconf will be supported in a future release.
Table 1 Task ID
designation that permits only a read operation.
designation that permits a change operation and implicitly allows a read
designation that permits an access operation; for example ping and Telnet.
designation that permits a debug operation.
The system verifies
that each CLI command and API invocation conforms with the task ID permission
list for the user. If you are experiencing problems using a CLI command,
contact your system administrator.
Multiple task ID
operations separated by a slash (for example read/write) mean that both
operations are applied to the specified task ID.
Multiple task ID
operations separated by a comma (for example read/write, execute) mean that
both operations are applied to the respective task IDs. For example, the
access-list command can have the read and write operations
applied to the acl task ID, and the execute operation applied to the
If the task ID and
operations columns have no value specified, the command is used without any
previous association to a task ID and operation. In addition, users do not have
to be associated to task IDs to use ROM monitor commands.
Users may need to be
associated to additional task IDs to use a command if the command is used in a
specific configuration submode. For example, to execute the
command, a user needs to be associated to the system (read) task ID and
operations as shown in the following example:
RP/0/RP0/CPU0:router# show redundancy