Dear All,
I have configured the SCP on Cisco routers and switches, enable the below command for SCP as per below article.
aaa authorization exec default group tacacs+
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/asr1000/sec-usr-ssh-xe-3s-asr1000-book/sec-usr-ssh-sec-copy.html
Issue is if this is enabled on devices, all ACS users directly authenticated and land in enable mode on devices and have read/write access.
Is there any way we can restrict users and the same time SCP can work for admin users? Please help.