https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210339#M383929 <HTML><HEAD></HEAD><BODY><P></P></BODY></HTML> Sun, 01 Feb 2009 19:49:28 GMT 2009-02-01T19:49:28Z https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210337#M383923 <P>Is their a way to create a command authorization set that would allow all commands in the enable mode, but deny a user from entering into the global configuration mode.</P><P></P><P>I see read-only examples of just allowing a few commands, such as show, exit, &amp; debug. However, I don't want to restrict them from any commands while in the enable mode.</P> Sun, 10 Mar 2019 23:18:46 GMT https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210337#M383923 dphills18 2019-03-10T23:18:46Z https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210338#M383925 <HTML><HEAD></HEAD><BODY><P></P></BODY></HTML> Sun, 01 Feb 2009 19:48:35 GMT https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210338#M383925 2009-02-01T19:48:35Z https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210339#M383929 <HTML><HEAD></HEAD><BODY><P></P></BODY></HTML> Sun, 01 Feb 2009 19:49:28 GMT https://community.cisco.com/t5/network-access-control/acs-command-authorization-set-configuration-mode-denial/m-p/1210339#M383929 2009-02-01T19:49:28Z