Hi all,
On my ACS server, I have a group which can only issue 'show' commands. I would like this group to be able to change interface descriptions aswell. For CatOS this was easy: authorize the 'set' command and only 'port name' as permitted attribute.
For IOS, however, it is more complicated. The user must be able to do 'conf t', select an interface and then use the "description' command.
Yet when I add 'configure teminal' to the shell authorization set the user can use any command.