Role-Based Authorization
Send documentation comments to mdsfeedback-doc@cisco.com.
Tip: Any role, when created, does not allow access to the required commands immediately. The administrator must configure appropriate rules for each role to allow access to the required commands.
Configuring Roles and Profiles
To create an additional role or to modify the profile for an existing role, follow these steps:
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# role name techdocs
           switch(config-role)#
  Purpose: Places you in the mode for the specified role (techdocs).
  Note: The role submode prompt indicates that you are now in the role submode. This submode is now specific to the techdocs group.
  Command: switch(config)# no role name techdocs
  Purpose: Deletes the role called techdocs.
Step 3
  Command: switch(config-role)# description Entire Tech. Docs. group
  Purpose: Assigns a description to the new role. The description is limited to one line and can contain spaces.
  Command: switch(config-role)# no description
  Purpose: Resets the description for the Tech. Docs. group.

Configuring Rules and Features for Each Role
Up to 16 rules can be configured for each role. The user-specified rule number determines the order in which the rules are applied. For example, rule 1 is applied before rule 2, which is applied before rule 3, and so on. A user not belonging to the network-admin role cannot perform commands related to roles. For example, if user A is permitted to perform all show commands, user A cannot view the output of the show role command if user A does not belong to the network-admin role.
The rule command specifies operations that can be performed by a specific role. Each rule consists of a rule number, a rule type (permit or deny), a command type (for example, config, clear, show, exec, debug), and an optional feature name (for example, FSPF, zone, VSAN, fcping, or interface).
Note: In this case, exec commands refer to all commands in the EXEC mode that do not fall in the show, debug, and clear categories.

Modifying Profiles
To modify the profile for an existing role, follow these steps:
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# role name sangroup
           switch(config-role)#
  Purpose: Places you in sangroup role submode.

Cisco MDS 9000 Family Configuration Guide, Chapter 26, Configuring Users and Common Roles. OL-6973-03, Cisco MDS SAN-OS Release 2.x.
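
The rule ordering described under "Configuring Rules and Features for Each Role" can be checked offline before a role is deployed. The Python below is an added example, not Cisco code and not part of the original guide. It assumes the line syntax `rule <n> permit|deny <type> [feature <name>]`, assumes that a later matching rule overrides an earlier one, and models role-related commands as the feature name `role`; the rule sets are constructed, with the role name sangroup borrowed from the page.

```python
import re

CMD_TYPES = {"config", "clear", "show", "exec", "debug"}  # command types named on the page
MAX_RULES = 16                                            # per-role limit stated on the page
# Assumed line syntax: rule <n> permit|deny <type> [feature <name>]
RULE_RE = re.compile(r"^rule (\d+) (permit|deny) (\w+)(?: feature (\S+))?$")

def parse_rules(text):
    """Return {rule_number: (action, command_type, feature_or_None)}."""
    rules = {}
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip().lower())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        if m[3] not in CMD_TYPES:
            raise ValueError(f"unknown command type: {m[3]!r}")
        rules[int(m[1])] = (m[2], m[3], m[4])
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    return rules

def is_permitted(rules, role, cmd_type, feature=None):
    """Decide whether `role` may run a command of `cmd_type` on `feature`."""
    # Page: role-related commands are reserved for network-admin, whatever the rules say.
    # Assumption: such commands are modelled here as the feature name "role".
    if feature == "role" and role != "network-admin":
        return False
    allowed = False  # Page tip: a new role permits nothing until rules are configured
    for number in sorted(rules):  # rule 1 is applied before rule 2, and so on
        action, ctype, feat = rules[number]
        if ctype == cmd_type and feat in (None, feature):
            allowed = action == "permit"  # assumption: a later match overrides an earlier one
    return allowed

# Constructed rule sets; only the role name "sangroup" comes from the page
BROAD_THEN_NARROW = parse_rules("""
rule 1 permit config
rule 2 deny config feature fspf
rule 3 permit show
rule 4 permit exec feature fcping
""")
NARROW_THEN_BROAD = parse_rules("""
rule 1 deny config feature fspf
rule 2 permit config
""")

if __name__ == "__main__":
    for rules in (BROAD_THEN_NARROW, NARROW_THEN_BROAD):
        print(is_permitted(rules, "sangroup", "config", "fspf"))
```

Under these assumptions the same two config rules give opposite answers for FSPF depending on their numbers, which is why the narrow deny has to carry the higher rule number.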