AAA local authorization query


Praveen Ramamoorthi

Sep 26, 2023, 1:56:30 AM
to sonicp...@googlegroups.com
Hi All,
I'm trying to configure AAA local authorization for a use case in the 202205 branch Broadcom image. But I couldn't find any reference on applying a command-level authorization policy using PAM, locally on the device, similar to a TACACS server configuration.

I tried using pam_listfile.so as a filtering mechanism in /etc/pam.d/sshd, but that had options to allow/deny only specific users and not at the command level.
#
account    required       pam_listfile.so \
        onerr=fail item=user sense=allow file=/etc/loginusers

Is there any other way to configure the policy for local authorization at the command level? Please provide information on the same.

Regards,
Praveen