Manualshelf

Brocade Fabric OS Command Reference - Supporting Fabric OS v7.0.1 (53-1002447-01, March 2012)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class
21222324252627282930
Fabric OS Command Reference 1
53-1002447-01
Chapter
1
Using Fabric OS Commands
In this chapter
Understanding Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Understanding Virtual Fabric restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Understanding Admin Domain restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Using the command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Understanding Role-Based Access Control
Fabric OS implements Role-Based Access Control (RBAC) to control access to all Fabric OS operations.
Seven predefined roles are supported, as described in Table 2. These predefined role definitions are
guided by perceived common operational situations and the operations and effects a role is permitted to
have on a fabric and individual fabric elements.
In addition to these predefined roles, Fabric OS v7.0.0 and later provides support for creating
user-defined roles. Refer to the roleConfig command for more information.
Appendix Appendix A, “Command Availability,” explains the standard Role-Based Access Control checks
in place to validate command execution, and provides the RBAC permissions for the commands included
in this manual. Alternately, you can use the classConfig command to display the RBAC permissions for
any specified command or meta-object format (MOF) class. Refer to the classConfig command for more
information.
Additional command restrictions apply depending on whether Virtual Fabrics or Admin Domains are
enabled in a fabric.
TABLE 2 Role definitions
Role name Definition
User Non-administrative use, such as monitoring system activity. In Fabric
OS v6.2.0 and later, the user account gains access to Fabric ID 128.
This is the default logical fabric after a firmware upgrade.
Operator A subset of administrative tasks typically required for routine
maintenance operations.
SwitchAdmin Administrative use excluding security, user management, and zoning.
ZoneAdmin Zone management only.
FabricAdmin Administrative use excluding user management and Admin Domain
management.
BasicSwitchAdmin A subset of administrative tasks, typically of a more limited scope and
effect.
Admin All administrative tasks, including encryption and chassis commands.
SecurityAdmin Administrative use including admin, encryption, security, user
management, and zoning.