Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

TABLE 21 Maximum number of simultaneous sessions (Continued)

Role name          Maximum sessions
BasicSwitchAdmin   4
FabricAdmin        4
Operator           4
SecurityAdmin      4
SwitchAdmin        4
User               4
ZoneAdmin          4

Managing user-defined roles
Fabric OS provides an extensive toolset for managing user-defined roles:
• The roleConfig command is available for defining new roles, deleting created roles, or viewing information about user-defined roles.
• The classConfig command is available for displaying RBAC information about each category or class of commands, and includes an option to show all roles associated with a given RBAC command category.
• The userConfig command can be used to assign a user-defined role to a user account.

Creating a user-defined role
You can define a role as long as it has a unique name that is not the same as any of the Fabric OS
default roles, any other user-defined role, or any existing user account name.
The following conditions also apply:
• A role name is case-insensitive and contains only letters.
• The role name should have a minimum of 4 letters and can be up to 16 letters long.
• The maximum number of user-defined roles that are allowed on a chassis is 256.
The roleConfig command can be used to define unique roles. You must have chassis-level access
and permissions to execute this command. The following example creates a user-defined role called
mysecurityrole. The RBAC class Security is added to the role, and the Observe permission is
assigned:
switch:admin> roleconfig --add mysecurityrole -class security -perm O
Role added successfully
The assigned permissions can be no higher than the admin role permission assigned to the class. The
admin role permission for the Security class is Observe/Modify. Therefore, the Observe permission is
valid.
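The naming conditions and the permission ceiling described above can be checked before a role request is sent to the switch. The following is an added example, not part of the manual or of Fabric OS. The names check_role, build_command and admin_perms are hypothetical, the default-role list is limited to roles named on this page, and comparing account names case-insensitively is an assumption.

```python
import re

# Default roles named on this page (its table is a continuation, so this is partial).
DEFAULT_ROLES = {"admin", "basicswitchadmin", "fabricadmin", "operator",
                 "securityadmin", "switchadmin", "user", "zoneadmin"}
# Admin-role permission per RBAC class; the page states only the Security class.
ADMIN_CLASS_PERM = {"security": "OM"}
PERM_RANK = {"O": 1, "OM": 2}            # Observe < Observe/Modify
MAX_ROLES = 256
NAME_RE = re.compile(r"[A-Za-z]{4,16}")  # assumption: "letters" means ASCII letters


def check_role(name, rbac_class, perm, existing_roles=(), accounts=(),
               admin_perms=ADMIN_CLASS_PERM):
    """Return a list of rule violations; an empty list means the request is valid."""
    errors = []
    lname = name.lower()                 # role names are case-insensitive
    taken = {r.lower() for r in existing_roles}
    if not NAME_RE.fullmatch(name):
        errors.append("name must be 4 to 16 letters, letters only")
    if lname in DEFAULT_ROLES:
        errors.append("name collides with a default role")
    if lname in taken:
        errors.append("name collides with a user-defined role")
    if lname in {a.lower() for a in accounts}:
        errors.append("name collides with a user account")
    if len(taken) >= MAX_ROLES:
        errors.append("chassis already holds 256 user-defined roles")
    ceiling = admin_perms.get(rbac_class.lower())
    perm = perm.upper()
    if ceiling is None:
        errors.append("admin permission for this class is not known")
    elif perm not in PERM_RANK:
        errors.append("unknown permission")
    elif PERM_RANK[perm] > PERM_RANK[ceiling]:
        errors.append("permission exceeds the admin role's permission")
    return errors


def build_command(name, rbac_class, perm, **ctx):
    """Build the roleconfig line in the form shown on this page, or raise ValueError."""
    errors = check_role(name, rbac_class, perm, **ctx)
    if errors:
        raise ValueError("; ".join(errors))
    return f"roleconfig --add {name} -class {rbac_class.lower()} -perm {perm.upper()}"


if __name__ == "__main__":
    print(build_command("mysecurityrole", "Security", "O"))
    print(check_role("SecurityAdmin", "security", "OM"))        # default-role collision
    print(check_role("sec1", "security", "O", accounts=["sec1"]))  # constructed input
```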
Fabric OS Administrators Guide, 53-1003130-01