TACACS Authorization Failure for Users Who Attempt to Execute Commands in NetScaler


Article ID: CTX206096


Description

Users cannot execute commands in the NetScaler CLI. A TACACS authentication vserver is configured and should be authorizing the execution of commands in the NetScaler.

The TACACS server has a group of administrators configured to be able to authenticate to the NetScaler and execute commands.

When attempting to execute commands after authenticating to the NetScaler, the user receives the error "Not authorized to execute command".

In the output of cat aaad.debug you can see the process_kernel_socket call to authorize:

    user: Test, remote address 1.1.1.1, command:shell, vsid:880

Resolution

To resolve this issue, reconfigure the TACACS authentication vserver using the following syntax, which turns authorization on:

    add authentication tacacsAction Example -serverIP 1.1.1.1 -tacacsSecret secret -authorization ON
    add authentication tacacsPolicy TAC_Pol ns_true Example
    bind system global TAC_Pol -priority 1


Problem Cause

Authorization on the TACACS authentication vserver was turned off.
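
One way to check a saved configuration for this condition, as an added example that is not Citrix code: the script parses configuration lines in the syntax shown in the Resolution and reports globally bound TACACS policies whose action does not set -authorization ON. The sample lines are constructed, and the function names are assumptions made for this example.

```python
import shlex

# Constructed sample lines in the syntax from the Resolution (not from a real appliance).
SAMPLE_CONFIG = """\
add authentication tacacsAction Example -serverIP 1.1.1.1 -tacacsSecret secret
add authentication tacacsAction Fixed -serverIP 1.1.1.1 -tacacsSecret secret -authorization ON
add authentication tacacsPolicy TAC_Pol ns_true Example
add authentication tacacsPolicy TAC_Pol2 ns_true Fixed
bind system global TAC_Pol -priority 1
bind system global TAC_Pol2 -priority 2
"""

def parse_options(tokens):
    """Map '-name value' pairs to a dict; a flag with no value maps to ''."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-"):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            opts[tokens[i][1:].lower()] = tokens[i + 1] if has_value else ""
            i += 2 if has_value else 1
        else:
            i += 1
    return opts

def audit_tacacs_authorization(config_text):
    """Return (policy, action) pairs bound globally whose action lacks -authorization ON."""
    actions, policies, bound = {}, {}, []
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:      # unbalanced quotes: skip the line
            continue
        head = [t.lower() for t in tok[:3]]
        if head == ["add", "authentication", "tacacsaction"] and len(tok) > 3:
            opts = parse_options(tok[4:])
            actions[tok[3]] = opts.get("authorization", "").upper() == "ON"
        elif head == ["add", "authentication", "tacacspolicy"] and len(tok) > 5:
            policies[tok[3]] = tok[5]          # <name> <rule> <action>
        elif head == ["bind", "system", "global"] and len(tok) > 3:
            bound.append(tok[3])
    # Assumption: an action without the parameter is treated the same as OFF.
    return [(p, policies[p]) for p in bound
            if policies.get(p) in actions and not actions[policies[p]]]

if __name__ == "__main__":
    for policy, action in audit_tacacs_authorization(SAMPLE_CONFIG):
        print(f"{policy}: action {action} does not set -authorization ON")
```
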
