Reference Guide

4 Brocade Fabric OS Command Reference
53-1004112-02
Determining RBAC permissions for a specific command
The following example shows how you can obtain permission information for the zone command. Suppose you want to know if a user
with the SwitchAdmin role can create a zone. You issue the classconfig --showcli command for the zone command, which shows that the
zone --add command belongs to the RBAC class "zoning". You then issue the classconfig --showroles command for the zoning RBAC
class. The output shows that the SwitchAdmin role has "Observe" (O) permission only for any command in the zoning class. This means
that a user with the SwitchAdmin role is not allowed to create zones. To allow this user to create a zone, you must change the user's
access to any of the roles that have "observe and modify" (OM) access. Use the userConfig command to change the user's role or use the
roleConfig command to create a custom role.
switch:admin> classconfig --showcli zone
CLI    Option        Permission   RBAC Class   Context
----------------------------------------------------------
zone   Killall       OM           Debug        vf
zone   evlogclear    OM           Debug        vf
zone   evlogshow     O            Debug        vf
zone   evlogtoggle   OM           Debug        vf
zone   mergeshow     O            Debug        vf
zone   stateshow     O            Debug        vf
zone   activate      OM           Zoning       vf
zone   add           OM           Zoning       vf
zone   copy          OM           Zoning       vf
zone   create        OM           Zoning       vf
zone   deactivate    OM           Zoning       vf
(output truncated)
switch:admin> classconfig --showroles zoning
Roles that have access to the RBAC Class 'zoning' are:
Role Name          Permission
---------          ----------
User               O
Admin              OM
Factory            OM
Root               OM
Operator           O
SwitchAdmin        O
ZoneAdmin          OM
FabricAdmin        OM
BasicSwitchAdmin   O
SecurityAdmin      O
NOTE
If a role name does not appear in the list, the role is not available to the specified class, and the associated commands
in that class are restricted and cannot be executed in that role.
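
The two-step lookup above can be scripted when auditing role assignments offline. The following Python is an added example, not part of the Fabric OS documentation; it parses saved classconfig output in the layout shown above and applies the rule from the text and the NOTE. The function names are hypothetical, and it assumes option and class names are single tokens and that OM access also covers commands marked O.

```python
import re

# Sample input: rows copied from the session output on this page (a subset).
SHOWCLI = """\
CLI Option Permission RBAC Class Context
----------------------------------------------------------
zone Killall OM Debug vf
zone evlogshow O Debug vf
zone add OM Zoning vf
zone create OM Zoning vf
(output truncated)
"""
SHOWROLES = """\
Roles that have access to the RBAC Class 'zoning' are:
Role Name Permission
--------- ----------
User O
Admin OM
SwitchAdmin O
ZoneAdmin OM
"""

# Assumption: every data row is whitespace-separated with single-token fields.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(OM|O)\s+(\S+)\s+(\S+)$")
ROLE = re.compile(r"^(\S+)\s+(OM|O)$")

def parse_showcli(text):
    """Map (cli, option) -> (permission the command needs, RBAC class)."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, rule and "(output truncated)" lines do not match
            cli, opt, perm, rbac_class, _context = m.groups()
            table[(cli.lower(), opt.lower())] = (perm, rbac_class.lower())
    return table

def parse_showroles(text):
    """Map role name -> permission (O or OM) for one RBAC class."""
    matches = (ROLE.match(line.strip()) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def can_run(role, cli, option, cli_table, class_roles):
    """True/False, or None when the command or its class was not collected."""
    entry = cli_table.get((cli.lower(), option.lower()))
    roles = class_roles.get(entry[1]) if entry else None
    if roles is None:
        return None
    have = roles.get(role.lower())  # role absent from the list: no access (NOTE)
    return have is not None and (have == "OM" or entry[0] == "O")
```

Class names are compared case-insensitively because the --showcli table prints "Zoning" while --showroles is queried with "zoning".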