Table 9
Fabric OS 5.3.0 roles
Role name
BasicSwitchAdm
in
User
Role Permissions
Table 10
describes the types of permissions that are assigned to roles.
Table 10
Permission types
Abbreviation
O
M
OM
N
Table 1 1
shows the permission type for categories of commands that each role is assigned. The
permissions apply to all commands within the specified category. For a complete list of commands and
role permissions.
Table 1 1
RBAC permissions matrix
Category
Access Gateway
Admin Domains
Admin
Domains—Selection
APM
Audit
Authentication
Blade
Chassis Configuration
Configuration
Management
Debug
Diagnostics
Ethernet Configuration
Fabric
Fabric Distribution
Fabric Routing
62
Managing user accounts
Version
5.2.x and higher
All
Definition
Description
Observe
The user can run commands using options that display information only,
such as running userConfig --show -a to show all users on a switch.
Modify
The user can run commands using options that create, change, and
delete objects on the system, such as running userconfig --change
username -r rolename to change a user's role.
Observe-Mod
The user can run commands using both observe and modify options; if
ify
a role has modify permissions, it almost always has observe.
None
The user is not allowed to run commands in that category.
Role permission
User
Operator
Switch
admin
O
OM
OM
N
N
N
OM
OM
OM
O
O
OM
O
O
O
N
N
N
O
OM
OM
O
OM
OM
N
O
O
N
N
N
O
OM
OM
O
O
OM
O
O
O
N
N
N
O
O
O
Duties
Description
Restricted switch
Mostly monitoring with limited
administration
switch (local) commands.
Monitoring only
Nonadministrative use, such as
monitoring system activity.
Zone
Fabric
admin
admin
O
OM
N
N
OM
OM
N
OM
O
O
N
N
N
OM
N
OM
O
O
N
N
N
OM
N
OM
N
OM
N
OM
O
OM
Basic
Admin
Security
switchadmin
Admin
O
OM
N
N
OM
O
OM
OM
OM
O
OM
N
O
O
OM
N
OM
OM
O
OM
N
O
OM
N
O
OM
O
N
N
N
O
OM
N
O
OM
N
O
OM
O
N
OM
OM
O
OM
N