Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

If some Admin Domains have been defined for the user and all of them are inactive, the user will
not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the
system provides a default home domain.
The default home domain for the predefined account is AD0. For user-defined accounts, the default
home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.
Role permissions
Table 12 describes the types of permissions that are assigned to roles.
To view the permission type for categories of commands, use the classConfig command:
1. Enter the classConfig --show -classlist command to list all command categories.
2. Enter the classConfig --showroles command with the command category of interest as the
argument.
This command shows the permissions that apply to all commands in a specific category. For
example:
classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:
Role name         Permission
---------         ----------
Admin             OM
Factory           OM
Root              OM
Security Admin    OM
You can also use the classConfig --showcli command to show the permissions that apply to a
specific command.
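The following script is an added example, not part of the original guide or of Fabric OS. It parses saved classConfig --showroles output in the format shown above and lists roles that hold modify rights on the class but are not in an expected set. The function names and the allowed-role set are assumptions made for illustration.

```python
import re

# Permission abbreviations as defined in Table 12 of this guide.
PERMISSIONS = {"O": {"observe"}, "M": {"modify"},
               "OM": {"observe", "modify"}, "N": set()}

# Sample output copied from the classconfig --showroles example on this page.
SAMPLE = """\
Roles that have access to the RBAC Class 'authentication' are:
Role name Permission
--------- ----------
Admin OM
Factory OM
Root OM
Security Admin OM
"""

def parse_showroles(text):
    """Return (class_name, {role: set_of_rights}) from --showroles output."""
    header = re.search(r"RBAC Class\s+\W?([\w-]+)", text)
    if not header:
        raise ValueError("no RBAC class header found")
    roles, in_table = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line.replace(" ", "")) == {"-"}:
            in_table = True          # the dashed rule precedes the data rows
            continue
        if not in_table or not line:
            continue
        # Role names may contain spaces ("Security Admin"), so the
        # permission is taken as the last whitespace-separated token.
        name, _, abbrev = line.rpartition(" ")
        if not name or abbrev not in PERMISSIONS:
            raise ValueError(f"unrecognised row: {line!r}")
        roles[name.strip()] = PERMISSIONS[abbrev]
    return header.group(1), roles

def unexpected_modifiers(text, allowed):
    """Roles with modify rights on the class that are not in `allowed`."""
    _, roles = parse_showroles(text)
    return sorted(r for r, rights in roles.items()
                  if "modify" in rights and r not in allowed)

if __name__ == "__main__":
    # Hypothetical site policy: roles expected to modify authentication settings.
    print(unexpected_modifiers(SAMPLE, {"Admin", "Root", "Security Admin"}))
```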
The management channel
The management channel is the communication established between the management
workstation and the switch. Table 13 shows the number of simultaneous login sessions allowed for
each role when authenticated locally. The roles are listed in alphabetical order, which does not
reflect their importance. When authenticating using LDAP or RADIUS, the total number of sessions
on a switch may not exceed 32.
TABLE 12 Permission types

Abbreviation  Definition          Description
------------  ------------------  -----------
O             Observe             The user can run commands using options that display information only, such as running userConfig --show -a to show all users on a switch.
M             Modify              The user can run commands using options that create, change, and delete objects on the system, such as running userConfig --change username -r rolename to change a user’s role.
OM            Observe and Modify  The user can run commands using both observe and modify options; if a role has modify permissions, it almost always has observe.
N             None                The user is not allowed to run commands in a given category.