In order for per-command accounting or authorization by a TACACS+ server to take place, the set tacacs command must be executed within an authorized session.
When per-command accounting is enabled, using the set tacacs command accounting command, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each command executed during the session.
When per-command authorization is enabled, using the set tacacs command authorization command, the TACACS+ server will check whether each command is permitted for that authorized session and return a success or fail. If the authorization fails, the command is not executed.