Command Rbac Permissions And Ad Types - Brocade Communications Systems Brocade 8/12c Administrator's Manual

Command RBAC permissions and AD types

Two RBAC roles are permitted to perform Encryption operations.
•
•
See
TABLE 4
Encryption command RBAC availability and admin domain type
Command name
addmembernode
addhaclustermember
addinitiator
addLUN
commit
create --container
create --encgroup
create --hacluster
create --tapepool
Fabric OS Encryption Administrator's Guide
53-1002159-03
Admin and SecurityAdmin
Users authenticated with the Admin and SecurityAdmin RBAC roles may perform cryptographic
functions assigned to the FIPS Crypto Officer, including the following:
•
Perform encryption node initialization.
•
Enable cryptographic operations.
•
Manage I/O functions for critical security parameters (CSPs).
•
Zeroize encryption CSPs.
•
Register and configure a key vault.
•
Configure a recovery share policy.
•
Create and register recovery share.
•
Perform encryption group- and clustering-related operations.
•
Manage keys, including creation, recovery, and archive functions.
Admin and FabricAdmin
Users authenticated with the Admin and FabricAdmin RBAC roles may perform routine
Encryption Switch management functions, including the following:
•
Configure virtual devices and crypto LUNs.
•
Configure LUN and tape associations.
•
Perform re-keying operations.
•
Perform firmware download.
•
Perform regular Fabric OS management functions.
Table 4 for the RBAC permissions when using the encryption configuration commands.
User Admin Operator
N OM N
N OM N
N OM N
N OM N
N OM N
N OM N
N OM N
N OM N
N OM N

Command RBAC permissions and AD types

1
Switch Zone Fabric
Admin Admin Admin
N N O
N N OM
N N OM
N N OM
N N OM
N N OM
N N O
N N OM
N N OM
Basic Security Admin Domain
Switch Admin
Admin
N OM Disallowed
N O Disallowed
N O Disallowed
N O Disallowed
N O Disallowed
N O Disallowed
N OM Disallowed
N O Disallowed
N O Disallowed
3
113