HPE FlexFabric 7900 Series Configuration Manual page 54

A user role can access the set of permitted commands, XML elements, and MIB nodes specified in
the user role rules. The user role rules include predefined (identified by sys-n) and user-defined user
role rules. For more information about the user role rule priority, see "Configuring user role rules."

Resource access policies

Resource access policies control access of user roles to system resources and include the following
types:
• Interface policy—Controls access to interfaces.
• VLAN policy—Controls access to VLANs.
• VPN instance policy—Controls access to VPN instances.

Resource access policies do not control access to the interface, VLAN, or VPN instance options in
the display commands. You can specify these options in the display commands if the options are
permitted by any user role rule.
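
The following Comware 7 CLI session is an added example, not part of the original manual page. It shows how user role rules and a resource access policy combine for a least-privilege role. The role name role1, the rule numbers, and the VLAN range 10 to 20 are assumed values.

```text
# Enter system view and create a user-defined role (role1 is an assumed name).
<Sysname> system-view
[Sysname] role name role1

# Rule 1: permit the read-type commands of all features (this covers display commands).
[Sysname-role-role1] rule 1 permit read feature

# Rule 2: permit entering system view, creating VLANs, and the commands in VLAN view.
[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# VLAN policy: deny every VLAN, then permit only VLANs 10 to 20 (assumed range).
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 10 to 20
[Sysname-role-role1-vlanpolicy] quit

# Interface and VPN instance policies follow the same pattern:
#   interface policy deny     then  permit interface <interface-list>
#   vpn-instance policy deny  then  permit vpn-instance <name>

# Expected effect for a user who holds only role1:
#   vlan 15          allowed: rule 2 permits the command and the VLAN policy permits VLAN 15
#   vlan 30          denied: the VLAN policy excludes VLAN 30 although rule 2 permits the command
#   display vlan 30  allowed: rule 1 permits it, and resource access policies do not
#                    filter the VLAN option of display commands
```

Because display commands bypass the resource access policies, restrict read access through the user role rules themselves if a role must not see other VLANs, interfaces, or VPN instances.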

Predefined user roles

The system provides predefined user roles. These user roles have access to all system resources
(interfaces, VLANs, and VPN instances). However, their command access permissions differ, as
shown in Table 10.

Among all of the predefined user roles, only network-admin, mdc-admin, and level-15 can perform
the following tasks:
• Access the RBAC feature.
• Change the settings in user line view, including user-role, authentication-mode, protocol,
  and set authentication password.
• Create, modify, and delete local users and local user groups. The other user roles can only
  modify their own passwords if they have permissions to configure local users and local user
  groups.

All the predefined user roles are available for the default MDC. The network-admin and
network-operator user roles are not available for non-default MDCs. For more information about
MDCs, see "Configuring MDCs."

Level-0 to level-14 users can modify their own permissions for any commands except for the display
history-command all command.

Table 10 Predefined roles and permissions matrix

| User role name | Permissions |
|---|---|
| network-admin | Accesses all features and resources in the system. |
| network-operator | Accesses the display commands for features and resources in the system. To display all accessible commands of the user role, use the display role name network-operator command. Changes between MDC views. Enables local authentication login users to change their own password. Accesses the command used for entering XML view. Accesses all read-type XML elements. Accesses all read-type MIB nodes. |
| mdc-admin | Accesses all features and resources in the administered MDC. |