Reference Guide
Brocade Fabric OS Command Reference 937
53-1004112-02
roleConfig
Manages user-defined roles.
Synopsis roleconfig --add role_name [-desc description] [-class rbac_class_list] [-perm permission]
roleconfig --change role_name [-class rbac_class_list -perm permission] [-desc description]
roleconfig --delete role_name [-force]
roleconfig --copy new_role -role source_role
roleconfig --show role_name | -all [default]
roleconfig --help
Description Use this command to create or modify user-defined roles, to define permissions for these roles based on
role-based access control (RBAC) permissions and meta-object format (MOF) classes, and to display the
configured roles. Two types of access control restriction exist in Fabric OS:
• Restriction by MOF class: A MOF class groups similar Fabric OS commands into feature sets that share the
same access permissions. By assigning one or more MOF classes to a role, the account with the specified
role can access all the commands included in these classes. For example, the predefined role ZoneAdmin can
access the commands under the MOF class Zoning, but not those under the UserManagement class. With the
roleConfig command you could define a special admin role called myzonesec and assign access to this role
for both the zoning and the userManagement class.
• Restriction by RBAC access level: You can further restrict access by setting one of the following RBAC access
levels for the role. The RBAC permissions are set per class.
- O = observe
- OM = observe-modify
- N = none/not available
Use the --show option to display information about user-defined roles and default roles. Use the classConfig
command to display information about MOF classes and associated commands. Note that you cannot modify the
predefined Fabric OS roles.
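
The two restriction layers described above, modeled as an added Python example (not part of the Brocade reference and not Fabric OS code). The class-to-command map, the permission level of the ZoneAdmin stand-in, case-insensitive class names, and the ability of a --change-style edit to lower a default class are assumptions.

```python
# Toy model of the two restriction layers; not Fabric OS code.
DEFAULT_CLASSES = ("localuserenvironment", "nocheck")  # created by --add
LEVELS = {"N": set(), "O": {"observe"}, "OM": {"observe", "modify"}}

# Constructed class-to-command map (assumption); classConfig shows the real one.
CLASS_OF = {"zonecreate": "zoning", "cfgshow": "zoning",
            "userconfig": "usermanagement"}


def set_perm(role, classes, perm):
    """Return a copy of role with perm applied to each listed MOF class."""
    if perm not in LEVELS:
        raise ValueError(f"unknown RBAC permission: {perm!r}")
    updated = dict(role)
    # Assumption: class names are case-insensitive, so normalize them.
    updated.update({c.lower(): perm for c in classes})
    return updated


def add_role(classes, perm):
    """Mirror --add: both default classes at OM, then the -class list."""
    return set_perm({c: "OM" for c in DEFAULT_CLASSES}, classes, perm)


def allowed(role, command, action):
    """True if the command's class is granted at a level covering action."""
    level = role.get(CLASS_OF.get(command), "N")  # unassigned class: no access
    return action in LEVELS[level]


def after_config_download(role):
    """A configuration download resets the two default classes to OM."""
    return set_perm(role, DEFAULT_CLASSES, "OM")


# Stand-in for the predefined ZoneAdmin role (OM on Zoning is assumed).
zoneadmin = add_role(["Zoning"], "OM")
# The page's myzonesec example: zoning plus user management.
myzonesec = add_role(["zoning", "userManagement"], "OM")
# Read-only role whose nocheck class was lowered with a --change-style edit
# (assumes --change accepts a default class).
auditor = set_perm(add_role(["zoning"], "O"), ["nocheck"], "O")

if __name__ == "__main__":
    for name, role in [("zoneadmin", zoneadmin), ("myzonesec", myzonesec)]:
        print(name, "may modify users:", allowed(role, "userconfig", "modify"))
    print("nocheck after download:", after_config_download(auditor)["nocheck"])
```

The last line shows why a role review should be repeated after a configuration download: a default class that was lowered returns to OM, while the user-assigned classes keep their levels.
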
Notes The execution of this command is subject to Virtual Fabric restrictions that may be in place. Refer to "Using Fabric
OS Commands" and "Command Availability" for details.
Operands This command has the following operands:
--add
Creates a role with the specified name and optional attributes. The new role is created with
two default RBAC classes, "localuserenvironment" and "nocheck", and has the default
permissions observe and modify ("OM"). A configuration download will always reset the
permissions of these two default classes to "OM."
--change
Modifies an existing user-defined role.