User Has Too Much Access; User Cannot Configure Some Vsans; Verifying Vsan-Restricted Roles Using Fabric Manager - Cisco 9134 - MDS Multilayer Fabric Switch Troubleshooting Manual

User and Role Issues
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

User Has Too Much Access

Symptom
Table 18-5 User Has Too Much Access
Symptom Possible Cause
User has too much User is assigned incorrect role or
access. overlapping roles.
Role is not configured for appropriate
access.

User Cannot Configure Some VSANs

Symptom
Table 18-6 User Cannot Configure Some VSANs
Symptom Possible Cause
User cannot configure User is assigned a VSAN-restricted
some VSANs. role.

Verifying VSAN-Restricted Roles Using Fabric Manager

To verify user role-based access using Fabric Manager, follow these steps:
Choose Switches > Security > Users and Roles and select the Roles tab to view the roles.
Step 1
Check the Scope Enable check box to make the role VSAN-restricted.
Step 2
Add the range of VSANs that you want to allow this role to configure in the Scope VSAN Id List field.
Step 3
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
18-10
User has too much access.
User cannot configure some VSANs.
Chapter 18
Solution
For RADIUS, configure the vendor-specific attributes on
the server for the role using
" ".
roles = " <rolename>
For TACACS+, configure the attribute and value pair on the
server for the role using
roles="vsan-admin
".
storage-admin
See the "Verifying Roles Using Device Manager" section
on page 18-8 or the "Verifying Roles Using the CLI"
section on page 18-9.
See the "Verifying Roles Using Device Manager" section
on page 18-8 or the "Verifying Roles Using the CLI"
section on page 18-9.
Solution
See the "Verifying VSAN-Restricted Roles Using Fabric
Manager" section on page 18-10
VSAN-Restricted Roles Using the CLI" section on
page 18-11.
Troubleshooting Users and Roles
Cisco-AVPair = "shell:
or the "Verifying
OL-9285-05