Deployment Guide

Displaying roles and assigned logical fabrics
You can display user role assignments for logical fabrics.
1. Open the Switch Administration window as described in Opening the Switch Administration
window on page 52.
2. Select the User tab.
3. Select an account.
4. Select Show Role and VF. The role mapping for that user displays.

User-defined roles
User-defined roles provide the ability to create roles dynamically on the switch. The default roles, such
as Root, Factory, Admin, User, SwitchAdmin, ZoneAdmin, FabricAdmin, BasicSwitchAdmin,
SecurityAdmin, and Operator, are defined by granting different permissions for different features, or by
restricting access to various features. The default roles cannot be edited to assign different
privileges. User-defined roles, however, let you create new roles and define their permissions
for the RBAC classes.

Guidelines and restrictions
Follow these guidelines and restrictions when creating and configuring user-defined roles:
- In order for the user-defined role to be able to edit the Port Admin and FCR configuration, you must
  assign the RBAC_SwitchPortManagement and RBAC_SwitchPortConfiguration RBAC classes to
  the role.
- In order for the user-defined role to be able to set the Fabric ID, you must assign the
  RBAC_FabricRouting and RBAC_SwitchConfiguration RBAC classes to the role.
- In order for the user-defined role to be able to view reports, you must assign the
  RBAC_SwitchManagement, RBAC_SwitchConfiguration, and RBAC_FRUManagement RBAC
  classes to the role.
- For some functionality and operations that need chassis-level access, the user-defined role
  privileges must be assigned at both the chassis level and the Logical Fabric level to have the
  corresponding tab enabled:
  - In order for the user-defined role to have access to the System Monitor, which displays CPU and
    Memory Usage under the Monitor tab, you must assign read/write RBAC_FabricWatch permission
    and the CHASSIS_CONTEXT context type to the Chassis Access Role.
  - In order for the user-defined role to have access to the Configure tab, you must assign either the
    RBAC_ConfigManagement, RBAC_SwitchConfiguration, or RBAC_Configure classes to the
    user-defined role, which is applied at the Logical Fabric level. Any of these three classes is sufficient.
  - In order for the user-defined role to have access to the Security Policy tab, you must assign either
    the RBAC_Authentication, RBAC_FabricDistribution, RBAC_Security, RBAC_IPSec, RBAC_AG, or
    RBAC_IPfilter classes to the user-defined role, which is applied at the Logical Fabric level. Any of
    these six classes is sufficient.
  - In order for the user-defined role to have access to the Switch tab, you must assign either the
    RBAC_SwitchConfiguration, RBAC_SwitchManagement, RBAC_FRUManagement, RBAC_AG, or
    RBAC_Configure classes to the user-defined role, which is applied at the Logical Fabric level. Any
    of these five classes is sufficient.
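
Several of the classes above appear in more than one rule, so a role built for one task can open other tabs as a side effect. The following added example (not code from this guide or from the switch software) evaluates a proposed user-defined role against the rules listed above and reports what it enables beyond the intended purpose. The function names and the way a role is described (two sets of class names) are assumptions; the guide does not state a level for the first three rules, so they are checked here against the Logical Fabric role.

```python
LF, CHASSIS = "logical_fabric", "chassis"

# (capability, level, all-of / any-of, classes), transcribed from the guidelines above.
# Assumption: the first three rules are checked at the Logical Fabric level.
RULES = [
    ("Edit Port Admin and FCR configuration", LF, all,
     {"RBAC_SwitchPortManagement", "RBAC_SwitchPortConfiguration"}),
    ("Set Fabric ID", LF, all,
     {"RBAC_FabricRouting", "RBAC_SwitchConfiguration"}),
    ("View reports", LF, all,
     {"RBAC_SwitchManagement", "RBAC_SwitchConfiguration", "RBAC_FRUManagement"}),
    # Needs read/write permission in the Chassis Access Role (CHASSIS_CONTEXT).
    ("System Monitor", CHASSIS, all, {"RBAC_FabricWatch"}),
    ("Configure tab", LF, any,
     {"RBAC_ConfigManagement", "RBAC_SwitchConfiguration", "RBAC_Configure"}),
    ("Security Policy tab", LF, any,
     {"RBAC_Authentication", "RBAC_FabricDistribution", "RBAC_Security",
      "RBAC_IPSec", "RBAC_AG", "RBAC_IPfilter"}),
    ("Switch tab", LF, any,
     {"RBAC_SwitchConfiguration", "RBAC_SwitchManagement", "RBAC_FRUManagement",
      "RBAC_AG", "RBAC_Configure"}),
]


def evaluate_role(lf_classes, chassis_rw_classes):
    """Return {capability: (enabled, missing)} for a proposed role.

    lf_classes: classes assigned to the role at the Logical Fabric level.
    chassis_rw_classes: classes granted read/write in the Chassis Access Role.
    missing lists the classes whose absence keeps the capability disabled.
    """
    granted = {LF: set(lf_classes), CHASSIS: set(chassis_rw_classes)}
    result = {}
    for name, level, mode, classes in RULES:
        held = classes & granted[level]
        enabled = mode(c in held for c in classes)
        result[name] = (enabled, [] if enabled else sorted(classes - held))
    return result


def unexpected_access(lf_classes, chassis_rw_classes, intended):
    """Least-privilege check: capabilities enabled beyond the intended set."""
    report = evaluate_role(lf_classes, chassis_rw_classes)
    return sorted(n for n, (ok, _) in report.items() if ok and n not in intended)


# Constructed sample: a role meant only to set the Fabric ID.
FABRIC_ID_ROLE = {"RBAC_FabricRouting", "RBAC_SwitchConfiguration"}
```

For the constructed sample role, `unexpected_access(FABRIC_ID_ROLE, set(), {"Set Fabric ID"})` shows that RBAC_SwitchConfiguration also satisfies the any-of rules for the Configure and Switch tabs.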
Web Tools Administrator's Guide
53-1003169-01