Assigning A User To An Admin Domain - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Assigning a user to an Admin Domain

After you create an Admin Domain, you can specify one or more user accounts as the valid accounts who
can use that Admin Domain. You create these user accounts using the userConfig command. User
accounts have the following characteristics with regard to Admin Domains:
• A user account can only have a single role.
You can choose roles from one of the seven types of roles, either the existing user and administrator role
or one of the other RBAC roles.
• You can configure a user account to have access to the physical fabric through AD255 and to a list of
Admin Domains (AD0–AD254).
• You can configure a user account to have access to only a subset of your own Admin Domain list. Only
a physical fabric administrator can create another physical fabric administrator user account.
• Users capable of using multiple Admin Domains, can designate one of these Admin Domains as the
home Admin Domain, which is the default Admin Domain context after login.
• If you do not specify one, the home Admin Domain is the lowest valid Admin Domain in the
numerically-sorted AD list.
Users can log in to their Admin Domains and create their own Admin Domain-specific zones and zone
•
configurations.
• Adding an Admin Domain list, home Admin Domain, and role to a user configuration is backward
compatible with pre-Fabric OS 5.2.0 firmware. When you downgrade to pre-Fabric OS 5.2.0
firmware, the userConfig command records are interpreted using legacy logic.
To create a new user account for managing Admin Domains:
1. Connect to the switch and log in as admin.
2. Enter the userconfig
access to Admin Domains, and the -h option to specify the home Admin Domain.
userconfig --add username -r role -h home_AD -a "AD_list"
where username is the name of the account, role is the user account role, home_AD is the home Admin
Domain, and AD_list is the list of Admin Domains to which the user account will have access.
The following example creates new user account ad1admin with an admin role and assigns one Admin
Domain, blue_ad1, to it. This example also assigns blue_ad1 as the user's home Admin Domain.
sw5:admin> userconfig --add ad1admin -r admin -h blue_ad1 -a "blue_ad1"
The following example creates new user account ad2admin with an admin role, access to Admin
Domains 1 and 2, and home Admin Domain set to 2.
sw5:admin> userconfig --add ad2admin -r admin -h 2 -a "1,2"
To assign Admin Domains to an existing user account:
1. Connect to the switch and log in as admin.
2. Enter the userConfig
and the -h option to specify the home Admin Domain.
userconfig --addad username -h home_AD -a "AD_list"
where username is the name of the account, home_AD is the home Admin Domain, and AD_list is the
list of Admin Domains to which the user account will have access.
The following example assigns Admin Domain green_ad2 to the existing user account ad1admin.
sw5:admin> userconfig --addad ad1admin -r admin -a "green_ad2"
To create a new physical fabric administrator user account:
1. Connect to the switch and log in as admin.
2. Enter the userconfig
option to provide access to Admin Domains 0 through 255.
userconfig --add username -r admin -h home_AD -a "0-255"
154 Managing administrative domains
add command using the -r option to set the role, the -a option to provide
--
addad command using the -a option to provide access to Admin Domains
--
add command using the -r option to set the role to admin and the -a
--