Inherit usergroup, SR-29 | Cisco Systems XR guide

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

inherit usergroup

inherit usergroup

To enable a user group to derive characteristics of another user group, use the inherit usergroup command in user group configuration mode.

inherit usergroup usergroup-name

Syntax Description

usergroup-name

Name of the user group from which permissions are to be inherited.

Defaults

Command Modes

Command History

No default behavior or values

User group configuration

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.

Release 3.0	No modification.

Release 3.2	This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0	No modification.

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Each user group is associated with a set of task groups applicable to the users in that group. A task group is defined by a collection of task IDs. Task groups contain task ID lists for each class of action. The task permissions for a user are derived (at the start of the EXEC or XML session) from the task groups associated with the user groups to which that user belongs.

User groups support inheritance from other user groups. Use the inherit usergroup command to copy permissions (task ID attributes) from one user group to another user group. The “destination” user group inherits the properties of the inherited group and forms a union of all task IDs specified in those groups. For example, when user group A inherits user group B, the task map of the user group A is a union of that of A and B. Cyclic inclusions are detected and rejected. User groups cannot inherit properties from predefined groups, such as root-system users, root-sdr users, netadmin users, and so on. Any changes made to the usergroup from which it is inherited are reflected immediately in the group from which it is inherited.

Task ID	Task ID	Operations
	aaa	read, write

Cisco IOS XR System Security Command Reference

SR-29

Image 29

Cisco Systems XR manual Inherit usergroup usergroup-name, SR-29

Contents

SR-1 SR-2 Aaa accounting SR-3 Creates a method list to be used for authorizationAaa Read, write SR-4 Aaa accounting system default SR-5 Creates a method list for authenticationCreates a method list for authorization SR-6 Aaa authentication SR-7 Radius, group named-group,local, or line optionsCreates a method list for accounting SR-8 Command Description Network Aaa authorizationLocal SR-9 SR-10 SR-11 Which specifies that TACACS+ authorization is used SR-12 Aaa default-taskgroup SR-13 Aaa group server radius SR-14 Comprises three member servers SR-15 Aaa group server tacacs+ SR-16 SR-17 Aaa accounting commandAccounting SR-18 List named listname2 on a line template named configure SR-19 AuthorizationAuthorization command SR-20 Listname4 on a line template named configure SR-21 Deadtime server-group configurationDeadtime minutes no deadtime SR-22 Related Commands Description SR-23 Description AAADescription string No description SR-24 Taskgroup SR-25 Group SR-26 Task ID Examples SR-27 Inherit taskgroup SR-28 SR-29 Inherit usergroupInherit usergroup usergroup-name SR-30 Sales user group SR-31 Login authenticationAuthentication login command SR-32 SR-33 Password AAAPassword 0 7 password No password 0 7 password SR-34 SR-35 Radius-server dead-criteria time SR-36 SR-37 Radius-server dead-criteria tries SR-38 Dead-criteria time SR-39 Radius-server deadtimeRadius-server deadtime minutes No radius-server deadtime SR-40 Radius-server host Timeout secondsRetransmit retries SR-41 SR-42 SR-43 SR-44 Radius-server key SR-45 Specifies a Radius server host SR-46 Radius-server retransmit SR-47 Radius-server timeoutRadius-server timeout seconds No radius-server timeout SR-48 Radius source-interface SR-49 Outgoing Radius packets SR-50 SecretSecret 0 5 secret no secret 0 5 secret SR-51 SR-52 Server Radius SR-53 SR-54 Server TACACS+ SR-55 Groups different TACACS+ server hosts into distinct lists SR-56 Show aaa Aaa usergroup operator SR-57 SR-58 SR-59 Displays task IDs enabled for the currently logged-in user Show radius If no radius servers are configured, no output is displayedShow radius SR-60 SR-61 Field Description SR-62 Show radius accountingShow radius accounting SR-63 Show radius authentication SR-64 Show radius authenticationShow radius authentication SR-65 Show radius accounting SR-66 Show radius clientShow radius client SR-67 SR-68 Show radius dead-criteria SR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70 SR-71 Field Description SR-72 Show tacacsShow tacacs SR-73 SR-74 Show tacacs server-groupsShow tacacs server-groups SR-75 SR-76 Show task supportedShow task supported Ouni pkg-mgmt pos-dpt ppp SR-77 SR-78 Show user User all SR-79 SR-80 SR-81 SR-82 Tacacs-server host SR-83 SR-84 Tacacs-server keyTacacs-server key key-nameno tacacs-server key SR-85 Specifies a TACACS+ host SR-86 Tacacs-server timeoutTacacs-server timeout seconds No tacacs-server timeout SR-87 Tacacs source-interface SR-88 Aaa group server radius Write TaskExecute Debug SR-90 SR-91 Taskgroup SR-92 Creates a task group description in task configuration modeAdds a task ID to a task group SR-93 Timeout login response SR-94 Enables AAA authentication for logins SR-95 Usergroup SR-96 Creates a description of a task group during configuration SR-97 Username Creates a login password for a user Defines a method list for authenticationAdds a user to a group SR-98 SR-99 Users group SR-100 Given operator privileges