Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

141

142

143

144

145

146

147

148

149

150

When you log in to a switch, your user account is associated with a predefined role or a user-defined role. The role that your account is

associated with determines the level of access you have on that switch and in the fabric. The chassis role can also be associated with

user-defined roles; it has permissions for RBAC classes of commands that are configured when user-defined roles are created. The

chassis role is similar to a switch-level role, except that it affects a different subset of commands. You can use the userConfig command

to add this permission to a user account.

The following table outlines the Fabric OS predefined (default) roles.

TABLE 20 Default Fabric OS roles

Role name Duties Description

Admin All administration All administrative commands

BasicSwitchAdmin Restricted switch administration Mostly monitoring with limited switch (local)

commands

FabricAdmin Fabric and switch administration All switch and fabric commands, excluding user

management commands

Operator General switch administration Routine switch-maintenance commands.

SecurityAdmin Security administration All switch security and user management

functions

SwitchAdmin Local switch administration Most switch (local) commands, excluding

security, user management, and zoning

commands

User Monitoring only Nonadministrative use, such as monitoring

system activity

ZoneAdmin Zone administration Zone management commands only

Role permissions

The following table describes the types of permissions that are assigned to roles.

TABLE 21 Permission types

Abbreviation Definition Description

O Observe The user can run commands by using options

that display information only, such as running

userConfig --show -a to show all users on a

switch.

M Modify The user can run commands by using options

that create, change, and delete objects on the

system, such as running the userConfig --

change command with the -r option to change a

user’s role.

OM Observe and Modify The user can run commands by using both

observe and modify options; if a role has modify

permissions, it almost always has observe

permissions.

N None The user is not allowed to run commands in a

given category.

To view the permission type for categories of commands, use the classConfig command.

∙ Enter the classConfig --show -classlist command to list all command categories.

∙ Enter the classConfig --showroles command with the command category of interest as the argument.

Managing User Accounts

Brocade Fabric OS Administration Guide, 8.0.1

146 53-1004111-02