HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)
62 Managing user accounts
Role Permissions
Table 10 describes the types of permissions that are assigned to roles.
Table 11 shows the permission type for categories of commands that each role is assigned. The
permissions apply to all commands within the specified category. For a complete list of commands and
role permissions.
BasicSwitchAdm
in
5.2.x and higher Restricted switch
administration
Mostly monitoring with limited
switch (local) commands.
User All Monitoring only Nonadministrative use, such as
monitoring system activity.
Table 9 Fabric OS 5.3.0 roles
Role name Version Duties Description
Table 10 Permission types
Abbreviation Definition Description
O Observe The user can run commands using options that display information only,
such as running userConfig --show -a to show all users on a switch.
M Modify The user can run commands using options that create, change, and
delete objects on the system, such as running userconfig --change
username -r rolename to change a user’s role.
OM Observe-Mod
ify
The user can run commands using both observe and modify options; if
a role has modify permissions, it almost always has observe.
N None The user is not allowed to run commands in that category.
Table 11 RBAC permissions matrix
Category Role permission
User Operator Switch
admin
Zone
admin
Fabric
admin
Basic
switchadmin
Admin Security
Admin
Access Gateway O OM OM O OM O OM N
Admin Domains N N N N N N OM O
Admin
Domains—Selection
OM OM OM OM OM OM OM OM
APM O O OM N OM O OM N
Audit O O O O O O O OM
Authentication N N N N N N OM OM
Blade O OM OM N OM O OM N
Chassis Configuration O OM OM N OM O OM N
Configuration
Management
NO O O O O OM O
Debug N N N N N N N N
Diagnostics O OM OM N OM O OM N
Ethernet Configuration O O OM N OM O OM N
Fabric O O O N OM O OM O
Fabric Distribution N N N N OM N OM OM
Fabric Routing O O O O OM O OM N