Configuring Rbac; Overview; Permission Assignment - HP 5130 EI series Configuration Manual

Configuring RBAC

Overview

Role-based access control (RBAC) controls user access to items and system resources based on the user's role. Items include commands, XML elements, and MIB nodes. System resources include interfaces and VLANs.

On devices that support multiple users, RBAC is used to assign access permissions to user roles that are created for different job functions. Users are given permission to access a set of items and resources based on their user roles. Because user roles are persistent while users come and go, separating permissions from users simplifies permission management: when the job responsibilities of a user change, new users are added, or old users are removed, you only need to change the user roles or assign new user roles.

Permission assignment

Assigning permissions to a user role includes the following:
- Define a set of rules to determine accessible or inaccessible items for the user role. (See "User role rules.")
- Configure resource access policies to specify which interfaces and VLANs are accessible to the user role. (See "Resource access policies.")

To use a command related to a resource (an interface or VLAN), a user role must have access to both the command and the resource.

For example, suppose a user role has access to the qos apply policy command and access only to interface GigabitEthernet 1/0/1. With this user role, you can enter the interface view and use the qos apply policy command on that interface. However, you cannot enter the view of any other interface or use the command on any other interface. Conversely, if the user role has access to every interface but does not have access to the qos apply policy command, you cannot use the command on any interface.

User role rules

User role rules permit or deny access to commands, XML elements, or MIB nodes. You can define the following types of rules for different access control granularities:
- Command rule—Controls access to a command or a set of commands that match a regular expression.
- Feature rule—Controls access to the commands of a feature by command type:
  - Read—Commands that display configuration and maintenance information. Examples include the display commands and the dir command.
  - Write—Commands that configure the feature in the system. Examples include the info-center enable command and the debugging command.
  - Execute—Commands that execute specific functions. Examples include the ping command and the ftp command.
- Feature group rule—Controls access to commands of a group of features by command type.
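As an added example (not taken from this manual page), the role from the "Permission assignment" example above written out as a Comware-style RBAC configuration: a command rule, a read-type feature rule, and an interface access policy that permits only GigabitEthernet 1/0/1. The role name qos-operator, the feature name qos, and the command-rule path are assumptions, and the lines starting with # are annotations, not CLI commands; check the exact syntax against the device's command reference.

```text
<Sysname> system-view
[Sysname] role name qos-operator
# Command rule: the whole command path is granted, so the role can enter
# system view, enter an interface view, and run qos apply policy there.
[Sysname-role-qos-operator] rule 1 permit command system-view ; interface * ; qos apply policy *
# Feature rule (feature name "qos" assumed): read-type qos commands only.
# display qos ... works; qos configuration commands not covered by rule 1 do not.
[Sysname-role-qos-operator] rule 2 permit read feature qos
# Resource access policy: deny every interface, then permit exactly one.
# Command access alone is not enough: without this permit the role cannot
# enter interface GigabitEthernet 1/0/1 even though rule 1 allows the command,
# and with it the role still cannot enter any other interface view.
[Sysname-role-qos-operator] interface policy deny
[Sysname-role-qos-operator-ifpolicy] permit interface GigabitEthernet 1/0/1
[Sysname-role-qos-operator-ifpolicy] quit
[Sysname-role-qos-operator] quit
# Verify the rules and the interface policy attached to the role.
[Sysname] display role name qos-operator
```

Both checks apply independently: removing rule 1 leaves the interface reachable but the command unusable, and removing the permit line leaves the command allowed but every interface view blocked.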
