Authorization defines the network services that are available to an individual or group. It provides
an easy means of allowing privileged-mode (enable-mode) access while restricting the
commands that can be executed. For example, you might want to isolate most enable commands
to a single administrator or manager, while allowing operators to perform limited diagnostic
functions. More experienced operators would be granted higher levels of authorization—
for example, they might be permitted to shut down an interface. The unrestricted enable-mode
administrator would be required for additional functions.
Use care in restricting administrative rights to the router. Although this is a
helpful option when allocating rights to vendors and other parties, too restrictive
a policy will lead to the distribution of the unrestricted account information,
which can create a larger security risk.