F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
153
Use undo authorization command to restore the default.
Syntax
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local | none ] | local | none }
undo authorization command
Default
The default authorization method for the ISP domain is used for command line authorization.
Views
ISP domain view
Default command level
2: System level
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform any authorization exchange. In this case, an authenticated user can access only
commands of Level 0.
Usage guidelines
The specified HWTACACS scheme must have been configured.
With command line authorization configured, a user who has logged in to the device can execute only
the commands with a level lower than or equal to that of the local user.
Examples
# Configure ISP domain test to use local command line authorization.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command local
# Configure ISP domain test to use HWTACACS scheme hwtac for command line authorization and use
local authorization as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authorization command hwtacacs-scheme hwtac local
Related commands
• local-user
• authorization default
• hwtacacs scheme
authorization default
Use authorization default to configure the default authorization method for an ISP domain.
Use undo authorization default to restore the default.