When logging into a N5K or a N7K system VDC, the default User-Roles assigned is “network-operator”. When logging into a VDC, the default User-Roles is “vdc-operator”.
You need to add a new shell role or you also can add multiple roles:
shell:roles="\"network-admin vdc-admin\""
# sh user-account user:admin this user account has no expiry date roles:vdc-admin user:account1 roles:vdc-operator account created through REMOTE authentication Credentials such as ssh server key will be cached temporarily only for this user account Local login not possible
After modify your tacacs+ configuration, you need to clear the user account cached.
(config)# no username account1
Your user in cache disappears
# sh user-account user:admin this user account has no expiry date roles:vdc-admin
Verification :
# sh user-account user:admin this user account has no expiry date roles:vdc-admin user:account1 roles:vdc-admin
Now your user have the good right.