In This Chapter; Role-Based Access Control - HP Brocade 8/24c Developer's Manual

Brocade network advisor smi agent developer's guide v11.1.0 (53-1002169-01, may 2011)

Hide thumbs Also See for Brocade 8/24c:

User manual (64 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Connecting to the Fabric

In this chapter

Role-Based Access Control

Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the

role the account has been assigned. For each role, there is a set of pre-defined permissions on the

jobs and tasks that can be performed on a fabric and its associated fabric elements.

The RBAC check is performed based on the value of the Storage Management Initiative (SMI) Agent

Operations privilege for Common Information Model Object Manager (CIMOM) client requests. The

following responses are received for the different values of the SMI Agent Operations privilege:

•

You can retrieve all the information from the interop namespace and can perform the getclass

operations even if there is no access for the SMI Agent Operations privilege.

Refer to the Brocade Network Advisor User Manual for more information about RBAC.

Brocade Network Advisor SMI Agent Developer's Guide

53-1002169-01

•

Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

•

Admin Domains and Brocade Network Advisor SMI Agent. . . . . . . . . . . . . . . 2

•

Connecting to the Brocade Network Advisor SMI Agent . . . . . . . . . . . . . . . . . 2

•

Discovering a fabric and a host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

No Access - If you query the CIMOM without the SMI Agent Operations privilege, the following

WBEM Exception is returned.

CIM_ERR_ACCESS_DENIED: The specified principal does not have access to perform this

operation.

Read Only Access - If you have the Read Only Access privilege and try to perform any write

operation on any of the profiles, the following WBEM Exception is returned.

CIM_ERR_ACCESS_DENIED: The specified principal does not have access to perform this

operation.

The user is not restricted to perform the WBEM queries.

Read/Write Access - No restriction is imposed on any user who has Read/Write Access for the

SMI Agent Operations privilege.

All the Resource Grouping (fabrics and hosts) performed through the user management dialog

boxes is honored by the CIMOM. The resource grouping is not be applicable for filtering out

indications. The indications from all the fabrics managed by Brocade Network Advisor is

delivered irrespective of the resource grouped by the user.

If you select the Authentication mode as No Authentication, then all the previously specified

RBAC checks are performed on the credentials provided by you in the Authentication tab of the

Configuration Tool and the previously described behavior is observed.

If a user A changes the password of a user B who has logged in to CIMOM, the user B can

continue querying the CIMOM until Brocade Network Advisor expires the user B session.

Chapter

Table of Contents

This manual is also suitable for:

Brocade bladesystem 4/24 Network advisor smi agent 11.1.0

In This Chapter; Role-Based Access Control - HP Brocade 8/24c Developer's Manual

In this chapter

Role-Based Access Control

Related Manuals for HP Brocade 8/24c

Related Content for HP Brocade 8/24c

This manual is also suitable for:

Table of Contents