Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class

111

112

113

114

115

116

117

118

119

120

Fabric OS Administrator’s Guide 75

53-1001336-02

User accounts overview

If some Admin Domains have been defined for the user and all of them are inactive, the user will

not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the

system provides a default home domain.

The default home domain for the predefined account is AD0. For user-defined accounts, the default

home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.

Role permissions

Table 9 describes the types of permissions that are assigned to roles.

Table 10 shows the permission type for categories of commands that each role is assigned. The

permissions apply to all commands within the specified category. For a complete list of commands

and role permissions, see the Fabric OS Command Reference.

TABLE 9 Permission types

Abbreviation Definition Description

O Observe The user can run commands using options that display information only, such

as running userConfig --show -a to show all users on a switch.

M Modify The user can run commands using options that create, change, and delete

objects on the system, such as running userConfig --change username -r

rolename to change a user’s role.

OM Observe and

Modify

The user can run commands using both observe and modify options; if a role

has modify permissions, it almost always has observe.

N None The user is not allowed to run commands in a given category.

TABLE 10 RBAC permissions matrix

Category Role permission

Admin Basic

Switch

Admin

Fabric

Admin

Operator Security

Admin

Switch

Admin

User Zone

Admin

Admin Domains OM N N N O N N N

Admin Domains—Selection OM OM OM OM OM OM OM OM

Access Gateway OM O OM OM N OM O O

APM OM O OM O N OM O N

Audit OM O O O OM O O O

Authentication OM N N N OM N N N

Blade OM O OM OM N OM O N

Converged Enhanced Ethernet (FCoE) OM O OM O O O O O

Chassis Configuration

OM O OM OM N OM O N

Chassis Management

OM O OM N N N O N

Configure OM O O O OM O N O

Configuration Management OM O O O O O N O

Data Migration Manager OM N N N N N N N

DCE OM N OM N O O O N