Reference Guide
∙ A role name is case-insensitive and contains only letters.
∙ The role name should have a minimum of 4 letters and can be up to 16 letters long.
∙ The maximum number of user-defined roles that are allowed on a chassis is 150.
The roleConfig command can be used to define unique roles. You must have chassis-level access and permissions to execute this
command. The following example creates a user-defined role called mysecurityrole. The RBAC class Security is added to the role, and
the Observe permission is assigned:
switch:admin> roleconfig --add mysecurityrole -class security -perm O
Role added successfully
The assigned permissions can be no higher than the admin role permission assigned to the class. The admin role permission for the
Security class is Observe/Modify. Therefore, the Observe permission is valid.
The roleConfig --show command is available to view the permissions assigned to a user-defined role. You can also use the classConfig
--showroles command to see that the role was indeed added with Observe permission for the security commands.
switch:admin> classConfig --showroles security
Roles that have access to RBAC Class ‘security’ are:
Role Name          Permissions
---------          -----------
User               O
Admin              OM
Root               OM
SwitchAdmin        O
FabricAdmin        OM
BasicSwitchAdmin   O
SecurityAdmin      OM
mysecurityrole     O
To delete a user-defined role, use the roleConfig --delete command.
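The naming and permission rules above, together with the classConfig --showroles listing, can be checked offline before and after a role change. The following Python code is an added example, not part of this guide or of Fabric OS; the function names, the user_defined count and the baseline set are assumptions, and the input is the listing shown above embedded as constructed sample text.

```python
import re

# Constructed input: the classConfig --showroles listing from this page.
SAMPLE = """\
Role Name Permissions
--------- -----------
User O
Admin OM
Root OM
SwitchAdmin O
FabricAdmin OM
BasicSwitchAdmin O
SecurityAdmin OM
mysecurityrole O
"""
MAX_ROLES = 150                            # user-defined roles per chassis
ROLE_NAME = re.compile(r"[A-Za-z]{4,16}")  # letters only, 4 to 16 long
ROW = re.compile(r"\s*([A-Za-z]+)\s+([OM]+)\s*")


def parse_showroles(text):
    """Map lower-cased role name -> set of permission letters (O, M)."""
    rows = (ROW.fullmatch(line) for line in text.splitlines())
    return {m.group(1).lower(): set(m.group(2)) for m in rows if m}


def check_new_role(name, perms, class_roles, user_defined=0):
    """Return the reasons a proposed role breaks the rules above ([] if none)."""
    problems = []
    if not ROLE_NAME.fullmatch(name):
        problems.append("name must be 4 to 16 letters")
    if name.lower() in class_roles:        # role names are case-insensitive
        problems.append("name already in use")
    if user_defined >= MAX_ROLES:          # count supplied by the caller
        problems.append("chassis limit of 150 roles reached")
    if set(perms.upper()) - class_roles.get("admin", set()):
        problems.append("permission higher than the admin role's")
    return problems


def modify_holders(class_roles, baseline):
    """Roles with Modify on the class that are not in the reviewed baseline."""
    return sorted(r for r, p in class_roles.items()
                  if "M" in p and r not in baseline)


if __name__ == "__main__":
    roles = parse_showroles(SAMPLE)
    print(check_new_role("MySecurityRole", "O", roles))
    print(modify_holders(roles, {"admin", "root"}))
```

The name check only sees roles that appear in the listing for one class, so a clean result does not rule out a collision with a role that has no access to that class.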
Assigning a user-defined role to a user
The userConfig command allows you to assign a user-defined role to a user.
To assign a user-defined role to a user, complete the following steps.
1. Connect to the device and log in using an account with admin permissions.
2. You have multiple options for assigning a user-defined role to a user:
∙ To create a new user account and assign a role: userConfig --add user_account -r role_name.
∙ To change a user-defined role or add a new one to an existing user account: userConfig --change user_account -r role_name.
∙ To create a new user account and assign a chassis role: userConfig --add user_account -c chassis_role_name.
∙ To add a chassis role to an account: userConfig --change user_account -c chassis_role_name.
The commands can be combined; the following example assigns the “mysecurityrole” role to the existing “anewuser” account and also
adds the admin chassis role.
switch:admin> userConfig --change anewuser -r mysecurityrole -c admin
For more information on userConfig command options, refer to the Fabric OS Command Reference.
Configuring time-based access
You can also restrict the access for a user to a specified time of the day. The restriction applies for Telnet, SSH, console, and Web access
for a user on all days.
Managing User Accounts
Brocade Fabric OS Administration Guide, 8.0.1
148 53-1004111-02