HP 5920 series Fundamentals Configuration Manual page 59

Hide thumbs Also See for 5920 series:

Command reference manual (607 pages)

Configuration manual (424 pages)

Fc and fcoe configuration manual (257 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

Table of Contents

Write—Commands and XML elements that configure the features in the system. For example, the

•

info-center enable command and the debugging command.

Execute—Commands and XML elements that execute specific functions. For example, the ping

•

command and the ftp command.

A user role can access the set of permitted commands and XML elements specified in its rules. The user

role rules include predefined (identified by sys-n) and user-defined user role rules.

Resource access policies

Resource access policies control access of user roles to system resources and include the following types:

Interface policy—Controls access to interfaces.

•

VLAN policy—Controls access to VLANs.

VPN instance policy—Controls access to VPNs.

•

Resource access policies do not control access to the interface, VLAN, or VPN options in the display

commands. You can specify these options in the display commands if they are permitted by any user role

rule.

Predefined user roles

The system provides 19 predefined user roles. All these user roles have access to all system resources

(interfaces, VLANs, and VPNs), but their command access permissions differ, as shown in

Among all the predefined user roles, only network-admin, and level- 1 5 can perform the following

operations:

Access the RBAC feature.

•

Change the settings in user line view, including user-role, authentication-mode, protocol, and set

authentication password.

Create, modify, and delete local users and local user groups. The other user roles can only modify

•

their own passwords if they have permissions to configure local users and local user groups.

Level-0 to level- 1 4 users can modify their own permissions for any commands except for the display

history-command all command.

Table 9 Predefined roles and permissions matrix

User role name

network-admin

network-operator

Permissions

Accesses all features and resources in the system, except for the display

security-logfile summary, info-center security-logfile directory, and

security-logfile save commands.

•

Accesses the display commands for all features and resources in the

system, except for the display history-command all and display

security-logfile summary commands. To display all accessible

commands of the user role, use the display role name network-operator

command.

•

Enables local authentication login users to change their own passwords.

•

Accesses the command used for entering XML view.

•

Accesses all read-type XML elements.

Table

Table of Contents

Show Quick Links

Quick Links:
Entering System View from User View

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

5900 series

HP 5920 series Fundamentals Configuration Manual page 59

Hide quick links:

Troubleshooting

Related Manuals for HP 5920 series

Related Products for HP 5920 series

This manual is also suitable for:

Table of Contents