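# tac_plus (TACACS+ daemon) configuration.
# Structure restored to one statement per line. In the collapsed form every
# token after the first '#' sat on a comment line, and a trailing shell prompt
# had been pasted into the file. All values are unchanged from the original.
#
# NOTE(review): this file holds the shared key and password hashes in the
# clear. Keep it readable only by the account that runs tac_plus. If a copy
# has been shared outside the server, treat the key and every hash below as
# exposed and rotate them.

# Shared secret between the daemon and its network devices.
# NOTE(review): "tac_test" looks like a lab value. TACACS+ protects the packet
# body only with this key, so production needs a long, random key.
key = "tac_test"

# Set where to send accounting records
accounting syslog;
accounting file = /var/log/tac_plus/tac_plus.acct

# --- Users -------------------------------------------------------------------
# NOTE(review): "des" is legacy DES crypt(3), which uses only the first eight
# password characters. Move to a stronger scheme supported by this build
# (PAM or a file-based backend) where possible.
# NOTE(review): login and enable carry the same hash for each user, so the
# enable step adds no second secret.
# NOTE(review): tac_plus documents expiry dates as "Mmm DD YYYY"; verify that
# the full month name "april" is parsed as intended.

user = veera {
    expires = "april 30 2019"
    member = stpm-superusers
    login = des DULqjubMb1eoE
    enable = des DULqjubMb1eoE
}

user = manju {
    expires = "april 30 2019"
    member = stpm-superusers
    login = des LMPzUUQw95kpM
    enable = des LMPzUUQw95kpM
}

user = prashanth {
    expires = "april 30 2019"
    member = stpm-superusers
    login = des kYbDwO5eCCEwo
    enable = des kYbDwO5eCCEwo
}

# NOTE(review): this account has no expiry, unlike the three above.
user = naveen {
    member = read-only
    login = des FRlBHjoDrlCBc
}

# --- Groups ------------------------------------------------------------------

# Policies for device access for network administrators - default allow all commands
group = stpm-superusers {
    # Any service or command not listed below is permitted.
    default service = permit

    # Policy for Juniper devices
    service = junos-exec {
        local-user-name = SU
        allow-commands = .*
        allow-configurations = .*
    }

    # Config for Huawei devices
    # NOTE(review): "service = exec" is declared twice in this group (here and
    # in the Cisco section). Confirm how this tac_plus build resolves the
    # duplicate, or merge the two blocks.
    service = exec {
        priv-lvl = 15
    }

    # stpm-superusers group can run the commands below
    cmd = display {
        permit .*
    }
    cmd = enable {
        permit .*
    }

    # Config for Cisco devices
    service = exec {
        priv-lvl = 15
        idletime = 30
        # NOTE(review): these role names look like operator (read-only) roles;
        # confirm that is intended for a superuser group.
        shell:roles="\"network-operator vdc-operator\""
    }
}

# Policies for device access for network support staff.
# Everything is denied by default; add commands as required.
group = read-only {
    default service = deny

    # Policy for Juniper devices
    # Removing the comment markers below overrides the default behaviour and
    # allows the matching commands to be executed.
    # NOTE(review): the numbered attribute names (allow-commands1,
    # deny-commands1) and "allow-configurations" are not attribute names I can
    # confirm Junos honours. Verify on a device that the restriction takes
    # effect; otherwise only the local "RO" template limits these users.
    service = junos-exec {
        bug-fix = "first pair is lost"
        local-user-name = "RO"
        #allow-commands = ".*"
        allow-commands1 = "ping.*"
        allow-commands2 = "traceroute.*"
        #allow-commands3 = "show.*"
        #allow-commands4 = "configure.*"
        #allow-commands5 = "edit.*"
        #allow-commands6 = "commit.*"
        #allow-commands7 = "rollback.*"
        deny-commands1 = ".*"
        # NOTE(review): ".*" here is at odds with a read-only group if the
        # device applies it; the two empty singular attributes follow it.
        allow-configurations = ".*"
        allow-configuration = ""
        deny-configuration = ""
    }

    # Config for Huawei devices
    # NOTE(review): duplicate "service = exec" in this group as well; see the
    # Cisco section below.
    service = exec {
        priv-lvl = 7
    }
    cmd = display {
        permit .*
    }
    # NOTE(review): enable, system-view and aaa are permitted with any
    # arguments. These enter privileged or configuration contexts, which does
    # not match a group named read-only. Restrict or remove unless the device
    # privilege level blocks the changes.
    cmd = enable {
        permit .*
    }
    cmd = system-view {
        permit .*
    }
    cmd = aaa {
        permit .*
    }

    # Config for Cisco devices
    service = exec {
        priv-lvl = 7
    }
    cmd = show {
        permit .*
    }
    cmd = enable {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}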