Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router
31323334353637383940
17
authorization command
Use authorization command to specify the command authorization method.
Use undo authorization command to restore the default.
Syntax
In non-FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] |
none }
undo authorization command
In FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local }
undo authorization command
Default
The default authorization method of the ISP domain is used for command authorization.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization. The authorization server does not verify whether the entered
commands are permitted by the user role. The commands are executed successfully if the user role has
permission to the commands.
Usage guidelines
Command authorization restricts login users to execute only authorized commands by employing an
authorization server to verify whether or not each entered command is permitted.
When local command authorization is configured, the device compares each entered command with the
user's configuration on the device. The command is executed only when it is permitted by the user's
authorized user role.
The commands that can be executed are controlled by both the access permission of user roles and
command authorization of the authorization server. Access permission only controls whether the
authorized user roles have access to the entered commands, but it does not control whether the user roles
have obtained authorization to these commands. If a command is permitted by the access permission but
denied by command authorization, this command cannot be executed.
You can specify one primary command authorization method and multiple backup authorization
methods.
When the default authorization method is invalid, the device attempts to use the backup authorization
methods in sequence. For example, the authorization command hwtacacs-scheme
hwtacacs-scheme-name local none command specifies the default HWTACACS authorization method