Channel: THWACK: Message List - Network Configuration Manager

Re: How to "write mem" using Execute script on Orion NCM?


NCM needs to have the same administrative or Active Directory rights as you do, if you're using any kind of AAA, and especially if you're using TACACS.  If it doesn't, you'll get that "Command not authorized" message.

 

Example:

 

* If my user name is Fred and I have read/write admin rights on the switch, I can SSH to the switch, make changes, copy run start or write mem logged into it as Fred, and there are no problems.

 

* If I have a local admin user account on the switch with write permissions, I can do the same as above if I log in as that local account.  I don't recommend it except as an option for when your AAA solution is unavailable to the switch, and you need to log into it to make changes during the time AAA's unavailable.  The reason is that it's a lot simpler to use AAA via TACACS with ACS if you want great tracking of commands issued to devices, and you also want granular permission capabilities.

 

* If I've created a different user called NCM, and I tell NCM to log into the switch with that user name/account--no matter whether this is an Active Directory account, or a local admin account on the device--the NCM user MUST have read/write permissions for it to be able to write mem.

 

Check to see whether the account NCM uses to access the switch has R/W permissions.  If it doesn't, you've found the problem.

 

If it DOES have R/W permissions, then check to see how your AAA is set up, and troubleshoot it there. For example, in Steel-Belted RADIUS that references Active Directory accounts, you'll find logs saying why the command failed; they should help you identify the permissions needed to get the job done.  Upgrade the account's permissions in SBR or in Active Directory and test.

 

Similarly, if you use Cisco ACS and TACACS, you must review (and possibly modify) what roles/permissions/rights your NCM account has been given. If ACS sees the user named NCM does not have permissions to save configurations, especially if you're using TACACS for your AAA, ACS will stop that command from running. 

 

I strongly suspect AAA rights/permissions is the originator of your "Command not authorized" message.

 

Swift Packets, Happy Users to you!

 

Rick S.

