• aaa accounting• aaa authentication login• aaa authorization commands• authorization• show accounting• show users• usernameaaa authorization role-onlyConfigure authentication to use the user’s role only when determining if access to commands is permitted.C9000Syntax aaa authorization role-onlyTo return to the default setting, use the no aaa authentication role-onlycommand.Parameters name Enter a text string for the name of the user up to 63 characters.It cannot be one of the system defined roles (sysadmin,secadmin, netadmin, netoperator).inherit existing-role-nameEnter the inherit keyword then specify the system definedrole to inherit permissions from (sysadmin, secadmin, netadmin,netoperator).Defaults noneCommand Modes CONFIGURATIONCommand History Version Description9.9(0.0) Introduced on the C9010.9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, and MXL.Usage Information By default, access to commands are determined by the user’s role (if defined) or by theuser’s privilege level. If the aaa authorization role-only command is enabled,then only the user’s role is used.Before you enable role-based only AAA authorization:1 Locally define a system administrator user role.This will give you access to loginwith full permissions even if network connectivity to remote authentication serversis not available.2 Configure login authentication on the console. This ensures that all users areproperly identified through authentication no matter the access pointSecurity 1914