No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
authorization-cmd

authorization-cmd

Function

The authorization-cmd command configures command-specific authorization for an administrator of a specific level. After command-specific authorization is enabled and an administrator of a specific level logs in to the device, the commands that the administrator enters can be executed only after being authorized by the HWTACACS server.

The undo authorization-cmd command disables command-specific authorization for an administrator of a specific level.

By default, the command-specific authorization is disabled. That is, an administrator of any level can execute only commands of or below its level after logging in to the device.

Format

authorization-cmd privilege-level hwtacacs [ local ] [ none ]

undo authorization-cmd privilege-level

Parameters

Parameter Description Value
privilege-level Specified the administrator level. The value is an integer that ranges from 0 to 15.
hwtacacs Indicates HWTACACS authorization. -
local Indicates local authorization. -
none

Indicates that command line authorization is directly performed for a user if the HWTACACS server does not respond to the authorization request of the user.

-

Views

Authorization scheme view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After being authorized, the users at a certain level can run the commands of the same or lower levels. Command line authorization can be configured to implement minimum user rights control. When command line authorization is enabled, each command entered by users can be executed only after being authorized. After command line authorization is enabled for users at a certain level, the commands run by the users at that level must be authorized by an HWTACACS server.

Precautions

You are advised to configure local authorization as a backup of command line authorization. If command line authorization cannot be performed because of a failure on an HWTACACS server, the device starts local authorization.

After the authorization-cmd command is executed, command line authorization does not take effect immediately. Command line authorization takes effect only when an authorization scheme containing command line authorization is applied to administrator view correctly.

After an authorization scheme containing command line authorization is applied to administrator view, if you run the undo authorization-cmd command, an online administrator at a certain level cannot run any commands except for the quit command. The administrator needs to log in again.

Example

# Configure command line authorization administrators at level 2.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] authorization-scheme scheme1
[Huawei-aaa-author-scheme1] authorization-cmd 2 hwtacacs
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 207991

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next