Specifying authentication level in TACACS+
By default, TACACS+ authorized users on the vRouter are given operator-level access. However, you can specify the authentication level for individual TACACS+ authorized users on the local vRouter. Like the mapping of user IDs, this configuration is specified on the TACACS+ server, as shown in the following example:
user = administrator {
default service = permit
login = cleartext "Vyatta"
service = Vyatta-exec {
level = "admin"
}
}
Logging in to the local vRouter as the administrator user in this instance provides administrative-level access. You can also configure an additional level on the TACACS+ server as superuser to provide superuser-level access.