HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)
Fabric OS 6.1.1 administrator guide 59
Role permissions
Table 9 describes the types of permissions that are assigned to roles.
Table 10 shows the permission type for categories of commands that each role is assigned. The
permissions apply to all commands within the specified category. For a complete list of commands and
role permissions, see the Fabric OS Command Reference.
Table 9 Permission types
Abbreviation Definition Description
O Observe The user can run commands using options that display information only,
such as running userConfig --show -a to show all users on a
switch.
M Modify The user can run commands using options that create, change, and
delete objects on the system, such as running userconfig
--change username -r rolename to change a user’s role.
OM Observe and
modify
The user can run commands using both observe and modify options; if
a role has modify permissions, it almost always has observe.
N None The user is not allowed to run commands in a given category.
Table 10 RBAC permissions matrix
Category Role permission
User Operator Switch
admin
Zone
admin
Fabric
admin
Basic
switch
admin
Admin Security
admin
Admin Domains N N N N N N OM O
Admin Domains—Selection OM OM OM OM OM OM OM OM
Access Gateway O OM OM O OM O OM N
APM O O OM N OM O OM N
Audit O O O O O O OM OM
Authentication N N N N N N OM OM
Blade O OM OM N OM O OM N
Chassis Configuration O OM OM N OM O OM N
Configuration Management N O O O O O OM O
Data Migration Manager N N N N N N OM N
Debug N N N N N N N N
Diagnostics O OM OM N OM O OM N
Ethernet Configuration O O OM N OM O OM N
Fabric O O O O OM O OM O
Fabric Distribution N N N N OM N OM OM
Fabric Routing O O O O OM O OM N
Fabric Watch O OM OM N OM O OM N
FICON O OM OM N OM O OM N
Firmware Management O OM OM O OM O OM O
FRU Management O OM OM N OM O OM N