3
Managing user accounts
This chapter provides information and procedures on managing authentication and user accounts.
Overview
Fabric OS provides two options for authenticating users—remote RADIUS services and/or the local switch
user database. Both options allow users to be centrally managed using the following methods:
•
Local user database: Manually synchronize the local user database using the distribute command
to push a copy of the switch's local user database to all other Fabric OS 5.2.x and higher switches in
the fabric.
Remote RADIUS servers: Users are managed in a remote RADIUS server, all switches in the fabric
•
can be configured to authenticate against the centralized remote database.
Accessing the management channel
The total number of sessions on a switch may not exceed 32.
login sessions allowed for each role.
Table 8
Maximum number of simultaneous sessions
Role name
User
Operator
SwitchAdmin
ZoneAdmin
FabricAdmin
BasicSwitchAdmin
SecurityAdmin
Admin
Using role-based access control (RBAC)
Fabric OS 5.3.0 uses Role-Based Access Control (RBAC) to determine which commands a user can run.
Assign one of the Fabric OS predefined roles to a user, as shown in
Table 9
Fabric OS 5.3.0 roles
Role name
Admin
SwitchAdmin
Operator
SecurityAdmin
ZoneAdmin
FabricAdmin
Maximum sessions
4
4
4
4
4
4
4
2
Version
Duties
All
All administration
5.0.x and higher
Local switch
administration
5.2x0 and higher
General switch
administration
5.3.0
Restricts security
functions
5.2.x and higher
Zone administration
5.2.x and higher
Fabric and switch
administration
Table 8
shows the number of simultaneous
Table
9.
Description
All administrative commands.
Most switch (local) commands,
excludes security, user management,
and zoning commands.
Routine switch maintenance
commands.
All switch security and user
management functions
Zone management commands only.
All switch and fabric commands,
excludes user management and
Administrative Domains commands.
Fabric OS 5.3.0 administrator guide
61