HP 12500 Configuration Manual page 24

Routing switch series

A user role can have multiple rules, each uniquely identified by a rule number. The commands permitted
by these rules are accessible to the user role. If two rules conflict, the one with the higher number takes effect.
For example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3 denies
the ping command, the user role can use the tracert command but not the ping command.
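The conflict rule above can be checked offline when reviewing a role definition. The following is an added example, not code from the manual: it assumes rule lines of the form `rule <number> {permit|deny} command <command-string>` and uses simplified word-prefix matching rather than the device's own pattern matching. The sample rules are constructed from the ping/tracert case in the text, and the function names are hypothetical.

```python
import re

# Assumed line format: "rule <number> {permit|deny} command <command-string>".
RULE_RE = re.compile(r"^\s*rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+?)\s*$")

# Constructed sample: the three rules from the example in the text.
SAMPLE_ROLE = """
rule 1 permit command ping
rule 2 permit command tracert
rule 3 deny command ping
"""

def parse_rules(text):
    """Return {rule_number: (action, command_words)} for every rule line."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(1))] = (m.group(2), m.group(3).split())
    return rules

def matches(rule_words, command):
    """Simplified matching: the rule's words are a prefix of the command's words."""
    return command.split()[:len(rule_words)] == rule_words

def decide(rules, command):
    """Return (action, deciding_rule_number); the highest-numbered matching rule wins."""
    for number in sorted(rules, reverse=True):
        action, words = rules[number]
        if matches(words, command):
            return action, number
    return "deny", None  # no rule permits the command, so it is not accessible

def overridden_rules(rules):
    """List (loser, winner) pairs: a higher-numbered rule with the opposite
    action matches everything the lower-numbered rule matches."""
    pairs = []
    for low in sorted(rules):
        for high in sorted(rules, reverse=True):
            if high <= low:
                break
            if rules[high][0] != rules[low][0] and matches(rules[high][1], " ".join(rules[low][1])):
                pairs.append((low, high))
                break
    return pairs

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_ROLE)
    for cmd in ("ping 192.0.2.1", "tracert 192.0.2.1", "reboot"):
        print(cmd, "->", decide(rules, cmd))
    print("overridden:", overridden_rules(rules))
```

A non-empty result from `overridden_rules` flags rules that no longer have any effect, which is worth reviewing before a role is assigned to users.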
Resource access policies
Resource access policies control access of user roles to system resources and include the following types:
Interface policy—Controls access to interfaces.
VLAN policy—Controls access to VLANs.
VPN instance policy—Controls access to VPNs.
Resource access policies do not control access to the interface, VLAN, or VPN options in the display
commands. You can specify these options in the display commands if they are permitted by any user role
rule.
Predefined user roles
The system provides 20 predefined user roles. All these user roles have access to all system resources
(interfaces, VLANs, and VPNs), but their command access permissions (see Table 6) differ.
Among all the predefined user roles, only the user roles network-admin, mdc-admin, and level-15 can
access the RBAC feature, and change the settings including user-role, authentication-mode, protocol,
and set authentication password in user interface view.
All the predefined user roles are available for the default MDC. The user roles network-admin and
network-operator are not available for non-default MDCs. For more information about MDCs, see
"Configuring MDCs."
Table 6 Predefined roles and permissions matrix

| User role name | Permissions |
| --- | --- |
| network-admin | Accesses all features and resources in the system. |
| network-operator | Accesses the display commands (except display history-command all) for all features and resources in the system. Switches between MDC views. Enables local authentication login users to change their own password. |
| mdc-admin | Accesses all the features and resources in the administered MDC. |
| mdc-operator | Accesses the display commands (except display history-command all) for all the features and resources available in the administered MDC. Enables local authentication login users to change their own password. |
