Role permissions
Table 9
describes the types of permissions that are assigned to roles.
Table 9
Permission types
Abbreviation
O
M
OM
N
Table 10
shows the permission type for categories of commands that each role is assigned. The
permissions apply to all commands within the specified category. For a complete list of commands and
role permissions, see the Fabric OS Command Reference.
Table 10
RBAC permissions matrix
Category
Admin Domains
Admin Domains—Selection
Access Gateway
APM
Audit
Authentication
Blade
Chassis Configuration
Configuration Management
Data Migration Manager
Debug
Diagnostics
Ethernet Configuration
Fabric
Fabric Distribution
Fabric Routing
Fabric Watch
FICON
Firmware Management
FRU Management
Definition
Description
Observe
The user can run commands using options that display information only,
such as running userConfig --show -a to show all users on a
switch.
Modify
The user can run commands using options that create, change, and
delete objects on the system, such as running userconfig
--change username -r rolename to change a user's role.
Observe and
The user can run commands using both observe and modify options; if
modify
a role has modify permissions, it almost always has observe.
None
The user is not allowed to run commands in a given category.
Role permission
User
Operator
N
N
OM
OM
O
OM
O
O
O
O
N
N
O
OM
O
OM
N
O
N
N
N
N
O
OM
O
O
O
O
N
N
O
O
O
OM
O
OM
O
OM
O
OM
Switch
Zone
Fabric
admin
admin
admin
N
N
N
OM
OM
OM
OM
O
OM
OM
N
OM
O
O
O
N
N
N
OM
N
OM
OM
N
OM
O
O
O
N
N
N
N
N
N
OM
N
OM
OM
N
OM
O
O
OM
N
N
OM
O
O
OM
OM
N
OM
OM
N
OM
OM
O
OM
OM
N
OM
Basic
Admin
switch
admin
N
OM
OM
OM
O
OM
O
OM
O
OM
N
OM
O
OM
O
OM
O
OM
N
OM
N
N
O
OM
O
OM
O
OM
N
OM
O
OM
O
OM
O
OM
O
OM
O
OM
Fabric OS 6.x administrator guide
Security
admin
O
OM
N
N
OM
OM
N
N
O
N
N
N
N
O
OM
N
N
N
O
N
57