The authorization-scheme command creates an authorization scheme and enters the authorization scheme view.
The undo authorization-scheme command deletes an existing authorization scheme that is not bound to any domain.
By default, the authorization scheme named default is used in the system. default is the local authorization mode. default can be modified but cannot be deleted.
| Parameter | Description | Value |
|---|---|---|
| authorization-scheme-name |
Specifies the name of an authorization scheme. |
The value is a string of 1 to 32 case-insensitive characters. The name of an authorization scheme must comply with the naming criterion of Windows, that is, characters such as \, /, :, *, ?, ", |, <, and > must be excluded from the name of an authorization scheme. |
Usage Scenario
All the authorization of access users is implemented through authorization schemes in the domain view. You need to configure authorization schemes in the AAA view. The default authorization scheme of AAA adopts local authorization. The authorization-scheme command creates an authorization scheme.
If the authorization scheme to be created by the authorization-scheme command has the same name with an existing authorization scheme, the authorization scheme view is displayed directly.
The undo authorization-scheme command can delete only the existing authorization schemes that are not bound to any domains.
After entering a new authorization scheme view, you can modify the authorization scheme, for example, change the authorization mode or enable command-line-based authorization. When the new authorization scheme is completed, you can associate a domain with this authorization scheme.