diff --git a/tests/tacacs/test_ro_user.py b/tests/tacacs/test_ro_user.py
index 3270ad1a71..abffbbdd4e 100644
--- a/tests/tacacs/test_ro_user.py
+++ b/tests/tacacs/test_ro_user.py
@@ -80,10 +80,20 @@ def test_ro_user_allowed_command(localhost, duthosts, rand_one_dut_hostname, cre
             # 'sudo psuutil *',
             # 'sudo sfputil show *',
             'sudo ip netns identify 1',
+            'sudo ipintutil',
+            'sudo ipintutil -a ipv6',
+            'sudo ipintutil -n asic0 -d all',
+            'sudo ipintutil -n asic0 -d all -a ipv6'
     ]
         # Run as readonly use the commands allowed indirectly based on sudoers file
     commands_indirect = [
             'show version',
+            'show interface status',
+            'show interface portchannel',
+            'show ip bgp summary',
+            'show ip interface',
+            'show ipv6 interface',
+            'show lldp table'
     ]
 
     for command in commands_direct + commands_indirect:
@@ -105,6 +115,8 @@ def test_ro_user_banned_command(localhost, duthosts, rand_one_dut_hostname, cred
     # Run as readonly use the commands allowed by sudoers file
     commands = [
             'sudo shutdown',
+            # all commands under the config tree
+            'sudo config'
     ]
 
     for command in commands: