HP MSR2000/3000/4000 Router Series Security Command Reference

Related commands
authentication default
hwtacacs scheme
radius scheme
authorization command
Use authorization command to specify the command authorization method.
Use undo authorization command to restore the default.
Syntax
In non-FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] [ none ] | local [ none ] | none }
undo authorization command
In FIPS mode:
authorization command { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local }
undo authorization command
Default
The default authorization method of the ISP domain is used for command authorization.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
local: Performs local authorization.
none: Does not perform authorization. An authenticated user gets the default user role. For more
information about the default user role, see Fundamentals Configuration Guide.
Usage guidelines
Command authorization restricts login users to authorized commands: an authorization server
verifies whether each entered command is permitted.
After login, users can access only the command lines permitted by their authorized user roles.
You can specify one default command authorization method and multiple backup authorization methods.
When the default authorization method is invalid, the device attempts to use the backup authorization
methods in sequence. For example, the command
authorization command hwtacacs-scheme hwtacacs-scheme-name local none
specifies HWTACACS authorization as the default method and two backup authorization methods, local
authorization and no authorization. With this command, the device performs HWTACACS authorization by
default, performs local authorization when the HWTACACS server is invalid, and does not perform
command authorization when both of the previous methods are invalid.
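The fallback order described above can be checked offline against saved configuration lines. The following Python sketch is an added example, not part of the HP reference or of any HP tool: it parses an authorization command line according to the Syntax section, resolves which method takes effect when earlier ones are invalid, and lists lines whose chain ends in none, the option that FIPS mode does not accept. The function names and the scheme name tac1 are assumptions made for illustration.

```python
def parse_chain(line, fips=False):
    """Parse one 'authorization command' line into its ordered method chain."""
    tokens = line.split()
    if tokens[:2] != ["authorization", "command"]:
        raise ValueError("not an 'authorization command' line")
    rest, chain = tokens[2:], []
    if rest[:1] == ["hwtacacs-scheme"]:
        if len(rest) < 2 or not 1 <= len(rest[1]) <= 32:
            raise ValueError("scheme name must be 1 to 32 characters")
        chain.append("hwtacacs:" + rest[1].lower())  # names are case-insensitive
        rest = rest[2:]
    for keyword in ("local", "none"):  # backups are accepted only in this order
        if rest[:1] == [keyword]:
            chain.append(keyword)
            rest = rest[1:]
    if rest or not chain:
        raise ValueError("does not match the documented syntax")
    if fips and "none" in chain:
        raise ValueError("'none' is not accepted in FIPS mode")
    return chain


def effective_method(chain, invalid=()):
    """Return the first method whose kind is not in `invalid`, else None."""
    for method in chain:
        if method.split(":")[0] not in invalid:
            return method
    return None  # nothing usable; the page does not describe this case


def chains_ending_in_none(lines):
    """Return (line_number, chain) for each line that can skip authorization."""
    hits = []
    for number, line in enumerate(lines, 1):
        chain = parse_chain(line)
        if chain[-1] == "none":
            hits.append((number, chain))
    return hits


# Constructed sample lines; the scheme name "tac1" is hypothetical.
SAMPLE = [
    "authorization command hwtacacs-scheme tac1 local none",
    "authorization command hwtacacs-scheme TAC1 local",
    "authorization command local",
]

if __name__ == "__main__":
    for number, chain in chains_ending_in_none(SAMPLE):
        print(f"line {number}: {' -> '.join(chain)}")
```
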