Using Role-Based Access Control (Rbac); Fabric Os 6.1.X Roles - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Hp storageworks fabric os 6.1.x administrator guide (5697-0234, november 2009)
Hide thumbs Also See for A7533A - Brocade 4Gb SAN Switch Base:
Table of Contents

Advertisement

Using Role-Based Access Control (RBAC)

Role-Based Action Control (RBAC) defines the capabilities that a user account has based on the role the
account has been assigned. For each role, there is a set of pre-defined permissions on the jobs and tasks
that can be performed on a fabric and its associated fabric elements. Fabric OS 6.1.x uses RBAC to
determine which commands a user can issue.
When you log in to a switch, your user account is associated with a pre-defined role. The role that your
account is associated with determines the level of access you have on that switch and in the fabric.
outlines the Fabric OS predefined roles.
Table 8

Fabric OS 6.1.x roles

Role name
Admin
BasicSwitchAdmin
FabricAdmin
Operator
SecurityAdmin
SwitchAdmin
User
ZoneAdmin
You can perform these operations only on the primary FCS switch.
For legacy users with no Admin Domain specified, the user will have access to AD 0 through 255 (physical
fabric admin) if their current role is Admin; otherwise, the user will have access to AD0 only.
If some Admin Domains have been defined for the user and all of them are inactive, the user will not be
allowed to log in to any switch in the fabric.
If no Home Domain is specified for a user, the system provides a default home domain. The default home
domain for the predefined account is AD0. For user-defined accounts, the default home domain is the
Admin Domain in the user's Admin Domain list with the lowest ID.
56
Managing user accounts
Fabric OS version Duties
All
All administration
5.2.0 and later
Restricted switch
administration
5.2.0 and later
Fabric and switch
administration
5.2.0 and later
General switch
administration
5.3.0 and later
Restricts security
functions
5.0.0 and later
Local switch
administration
All
Monitoring only
5.2.0 and later
Zone administration
Description
All administrative commands.
Mostly monitoring with limited
switch (local) commands.
All switch and fabric commands,
excludes user management and
Administrative Domains commands.
Routine switch maintenance
commands.
All switch security and user
management functions.
Most switch (local) commands,
excludes security, user management,
and zoning commands.
Nonadministrative use, such as
monitoring system activity.
Zone management commands only.
Table 8

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents