HP FlexFabric 7900 Series Configuration Manual page 52

A user role can access the set of permitted commands specified in its rules. The user role rules include
predefined (identified by sys-n) and user-defined user role rules.
- If two user-defined rules of the same type conflict, the one with the higher number takes effect. For
  example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3
  denies the ping command, the user role can use the tracert command but not the ping command.
- If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule
  takes effect.
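
The two precedence rules above, worked through as an added example (not code from the manual or from HP). It assumes rules match a command by exact name and that a command with no matching rule is denied; `Rule`, `resolve`, `overridden` and the sample data are hypothetical names constructed for illustration.

```python
from typing import Dict, List, NamedTuple, Tuple

class Rule(NamedTuple):
    number: int    # user-defined rule number
    action: str    # "permit" or "deny"
    command: str   # command the rule applies to (assumption: exact-name match)

def resolve(command: str, user_rules: List[Rule],
            predefined: Dict[str, str]) -> Tuple[str, str]:
    """Return (effective action, what decided it) for one command."""
    matching = [r for r in user_rules if r.command == command]
    if matching:
        # Conflicting user-defined rules: the higher number takes effect,
        # and any user-defined rule beats a predefined (sys-n) rule.
        winner = max(matching, key=lambda r: r.number)
        return winner.action, f"rule {winner.number}"
    if command in predefined:
        return predefined[command], "predefined"
    # Assumption: a command that no rule permits is not accessible.
    return "deny", "no matching rule"

def overridden(user_rules: List[Rule]) -> List[Rule]:
    """User-defined rules that never take effect because a
    higher-numbered rule for the same command says the opposite."""
    winners: Dict[str, Rule] = {}
    for r in user_rules:
        if r.command not in winners or r.number > winners[r.command].number:
            winners[r.command] = r
    return sorted(r for r in user_rules
                  if r.action != winners[r.command].action)

# Constructed sample: the ping/tracert case from the text above.
RULES = [Rule(1, "permit", "ping"),
         Rule(2, "permit", "tracert"),
         Rule(3, "deny", "ping")]
# Constructed stand-in for predefined (sys-n) rules.
PREDEFINED = {"ping": "permit", "display": "permit"}

if __name__ == "__main__":
    for cmd in ("ping", "tracert", "display", "reboot"):
        print(cmd, *resolve(cmd, RULES, PREDEFINED))
    print("overridden:", overridden(RULES))
```

Listing overridden rules is useful when reviewing a role: a permit that is silently cancelled by a later deny (or the reverse) usually means the role no longer matches what its author intended.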
Resource access policies
Resource access policies control access of user roles to system resources and include the following types:
- Interface policy—Controls access to interfaces.
- VLAN policy—Controls access to VLANs.
Resource access policies do not control access to the interface or VLAN options in the display commands.
You can specify these options in the display commands if they are permitted by any user role rule.
Predefined user roles
The system provides 18 predefined user roles. All these user roles have access to all system resources
(interfaces and VLANs), but their command access permissions differ, as shown in Table 9.
Among all the predefined user roles, only network-admin and level-15 can perform the following
operations:
- Access the RBAC feature.
- Change the settings including user-role, authentication-mode, protocol, and set authentication
  password in user line view.
- Create, modify, and delete local users and local user groups. The other user roles can only modify
  their own password if they have permissions to configure local users and local user groups.
Level-0 to level-14 users can modify their own permissions for any commands except for the display
history-command all command.
Table 9 Predefined roles and permissions matrix

User role name | Permissions
network-admin | Accesses all features and resources in the system.
network-operator | Accesses the display commands for all features and resources in the system, except for the display history-command all command. To display all accessible commands of the user role, use the display role name network-operator command. Enables local authentication login users to change their own password.