Technical data
ServerIron ADX Administration Guide 141
53-1002434-01
Chapter 3: Role Based Management
The Role Based Management (RBM) feature allows users to create different administrative
domains and enable user-based access privileges on a ServerIron ADX.
Overview
With this feature, a user can view and/or update configurations, such as virtual servers, real
servers, and csw policies, without having the capability of viewing or editing configurations
associated with another user. This feature also helps to address "virtualization" requirements.
The existing 3-level user privileges have been expanded to 4 levels. The 3 existing levels
(0 for super user, 4 for port config, and 5 for read only) keep their current form. A new
privilege level (level 1) is added, and access by users of this level is controlled by the
role-based policy. The total number of users that can be created on a ServerIron ADX is 1024.
Depending on the configuration, the following roles can be granted to a user of privilege level 1:
• Viewer of global configurations
• Manager of global configurations
• Manager of one or more contexts
• Operator of one or more contexts
• Viewer of one or more contexts
These roles are applicable only to level-1 users.
Super users have all privileges. A manager automatically has operator and viewer privileges for
the specific administrative domain, and an operator has viewer privileges for that domain.
Within a context, a user can be a manager, operator, or viewer of the following items and their child
configuration items:
• real-name-or-ip
• server virtual-name-or-ip
• csw-rule
• csw-policy
• healthck
• server port-policy
Contexts are identified by their names. Up to 256 contexts are supported. For backward
compatibility, context-oriented configurations not assigned to a context belong to a built-in
default context.
• A context cannot be deleted if it is referenced.
• A resource in a context cannot be bound to a resource in a different context. For example, a
virtual server in context c1 cannot be bound to a real server in context c2.
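The rules above can be modelled for auditing a planned role assignment before it is configured. The following Python sketch is an added example, not ServerIron ADX code or CLI; the function and class names, the context name "default", and the reading of "referenced" as "a resource is still assigned to the context" are assumptions.

```python
# Added illustration: a model of the RBM rules on this page, not ServerIron code.
RANK = {"viewer": 1, "operator": 2, "manager": 3}   # manager > operator > viewer
DEFAULT_CONTEXT = "default"   # assumed name for the built-in default context


def holds_role(level, context_roles, context, required):
    """True if a user holds `required`, or a stronger role, in `context`.

    level         -- privilege level (0, 1, 4 or 5)
    context_roles -- dict mapping context name -> role granted in it
    """
    if level == 0:        # super users have all privileges
        return True
    if level != 1:        # roles apply only to level-1 users; levels 4 and 5
        return False      # keep their existing behaviour (not modelled here)
    held = context_roles.get(context)
    return held is not None and RANK[held] >= RANK[required]


class ContextTable:
    """Tracks which context each resource (virtual server, real server...) is in."""

    def __init__(self):
        self.contexts = {DEFAULT_CONTEXT}
        self.resource_context = {}

    def assign(self, resource, context):
        self.contexts.add(context)
        self.resource_context[resource] = context

    def context_of(self, resource):
        # Configurations not assigned to a context belong to the default context.
        return self.resource_context.get(resource, DEFAULT_CONTEXT)

    def can_bind(self, resource_a, resource_b):
        # A resource cannot be bound to a resource in a different context.
        return self.context_of(resource_a) == self.context_of(resource_b)

    def delete_context(self, context):
        # Assumption: "referenced" means a resource is still assigned to it.
        if context in self.resource_context.values():
            raise ValueError(f"context {context!r} is still referenced")
        self.contexts.discard(context)
```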










