Reference Guide

Fabric OS Command Reference
53-1002921-02
In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions apply to the RBAC permissions specified in Table 2. Refer to the userConfig command for more information on configuring user account access permissions in a Virtual Fabric environment.
Any given role is allowed to execute all switch commands to which the role is authorized in the account’s home context. The default home context is the default logical fabric FID 128.
You can change an account’s home context to a specified FID and configure the account permissions to access additional logical switches specified in the user’s Fabric ID list.
Accounts with user or admin permissions can be granted chassis permissions. A user account with the chassis role can execute chassis-level commands at the user RBAC access level. An admin account with the chassis role can execute chassis-level commands at the admin RBAC access level.
Use the classConfig --showcli command to look up the Virtual Fabrics context for a specified command. Refer to Appendix A, “Command Availability,” for a complete listing of Virtual Fabric restrictions that apply to the commands included in this manual.
Understanding Admin Domain restrictions
A subset of Fabric OS commands is subject to Admin Domain (AD) restrictions that may be in place.
In order to execute an AD-restricted command on a switch or device, the switch or device must be
part of a given Admin Domain, and the user must be logged in to that Admin Domain.
Six Admin Domain types are supported, as defined in Table 5.
Refer to Appendix A, “Command Availability,” for a listing of Admin Domain restrictions that apply to
the commands included in this manual.
Determining RBAC permissions for a specific command
To determine the RBAC permissions for a specific command, use the classconfig --showcli command.
1. Enter the classconfig --showcli command for a specified command.
The command displays the RBAC class and access permissions for each of the command options. Note that the options of a single command can belong to different classes.
TABLE 5 AD types
AD Type          Definition
Allowed          Allowed to execute in all ADs.
PhysFabricOnly   Allowed to execute only in AD255 context (and the user should own access to AD0-AD255 and have admin RBAC privilege).
Disallowed       Allowed to execute only in AD0 or AD255 context; not allowed in AD1-AD254 context.
PortMember       All control operations allowed only if the port or the local switch is part of the current AD. View access allowed if the device attached to the port is part of current AD.
AD0Disallowed    Allowed to execute only in AD255 and AD0 (if no ADs are configured).
AD0Only          Allowed to execute only in AD0 when ADs are not configured.
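
Table 5 read as an access check, in an added Python example that is not Fabric OS code and not part of the original manual. The names Session, ad_permits and permitted_contexts are hypothetical, and treating the parenthetical conditions in the table as hard requirements is an assumption.

```python
# Added example: Table 5 modeled as an access check (not Fabric OS code).
# Session, ad_permits and permitted_contexts are hypothetical names.
from dataclasses import dataclass, replace

AD0, AD255 = 0, 255


@dataclass(frozen=True)
class Session:
    current_ad: int                  # AD the user is logged in to
    ads_configured: bool = True      # False when no ADs are configured
    owns_ad0_to_ad255: bool = False  # user owns access to AD0-AD255
    admin_role: bool = False         # user has admin RBAC privilege


def ad_permits(ad_type, s, control_op=False,
               port_ads=frozenset(), device_ads=frozenset()):
    """True if Table 5 lets a command of this AD type run in session s.

    port_ads: ADs containing the port or the local switch.
    device_ads: ADs containing the device attached to the port.
    """
    if not AD0 <= s.current_ad <= AD255:
        raise ValueError(f"AD number out of range: {s.current_ad}")
    if ad_type == "Allowed":
        return True
    if ad_type == "PhysFabricOnly":
        # Assumption: the parenthetical conditions are hard requirements.
        return (s.current_ad == AD255 and s.owns_ad0_to_ad255
                and s.admin_role)
    if ad_type == "Disallowed":
        return s.current_ad in (AD0, AD255)
    if ad_type == "PortMember":
        # Control needs port/switch membership; view needs device membership.
        return s.current_ad in (port_ads if control_op else device_ads)
    if ad_type == "AD0Disallowed":
        return s.current_ad == AD255 or (
            s.current_ad == AD0 and not s.ads_configured)
    if ad_type == "AD0Only":
        return s.current_ad == AD0 and not s.ads_configured
    raise ValueError(f"unknown AD type: {ad_type!r}")  # fail closed


def permitted_contexts(ad_type, s, **membership):
    """AD numbers where the command type may run, other session flags fixed."""
    return [ad for ad in range(AD0, AD255 + 1)
            if ad_permits(ad_type, replace(s, current_ad=ad), **membership)]
```

Calling permitted_contexts for each AD type gives the set of Admin Domains to review when auditing which logins can reach an AD-restricted command.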