Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

Managing user-defined roles
Fabric OS provides an extensive toolset for managing user-defined roles:
• The roleConfig command is available for defining new roles, deleting created roles, or viewing information about user-defined roles.
• The classConfig command is available for displaying RBAC information about each category or class of commands, including an option to show all roles associated with a given RBAC command category.
• The userConfig command can be used to assign a user-defined role to a user account.
Creating a user-defined role
You can define a role as long as it has a unique name that is not the same as any of the Fabric OS default roles, any other user-defined role, or any existing user account name.
The following conditions also apply:
• A role name is case-insensitive and contains only letters.
• The role name should have a minimum of 4 letters and can be up to 16 letters long.
• The maximum number of user-defined roles that are allowed on a chassis is 256.
The roleConfig command can be used to define unique roles. You must have chassis-level access
and permissions to execute this command. The following example creates a user-defined role
called mysecurityrole. The RBAC class Security is added to the role, and the Observe permission is
assigned:
> roleconfig --add mysecurityrole -class security -perm O
Role added successfully
The assigned permissions can be no higher than the Admin role permission assigned to the class.
The Admin role permission for the Security class is Observe/Modify. Therefore, the Observe
permission is valid.
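The naming rules and the permission ceiling above can be checked offline before roleconfig --add is run on a switch. The following Python sketch is an added example, not Brocade code or part of the original guide. The default-role list is taken from Table 13; the OM permission value, the ceilings parameter and the function name check_role are assumptions of this example.

```python
import re

# Role names listed in Table 13 of this page, assumed here to be the set of
# Fabric OS default roles (lower-cased, since role names are case-insensitive).
DEFAULT_ROLES = {"admin", "basicswitchadmin", "fabricadmin", "operator",
                 "securityadmin", "switchadmin", "user", "zoneadmin"}
MAX_ROLES = 256  # user-defined roles allowed per chassis
# "O" (Observe) appears on the page; "OM" (Observe/Modify) as a -perm value
# is an assumption of this sketch.
PERM_RANK = {"O": 1, "OM": 2}
# Admin-role permission per RBAC class; only the Security entry is on the page.
ADMIN_CEILING = {"security": "OM"}
NAME_RE = re.compile(r"[A-Za-z]{4,16}")


def check_role(name, rbac_class, perm, existing_roles=(), accounts=(),
               ceilings=ADMIN_CEILING):
    """Return the list of rule violations for a proposed user-defined role."""
    errors = []
    key = name.lower()
    roles = {r.lower() for r in existing_roles}
    if not NAME_RE.fullmatch(name):
        errors.append("name must be 4 to 16 letters, letters only")
    if key in DEFAULT_ROLES:
        errors.append("name matches a default role")
    if key in roles:
        errors.append("name matches an existing user-defined role")
    # Account names are compared case-insensitively as a conservative choice.
    if key in {a.lower() for a in accounts}:
        errors.append("name matches an existing user account")
    if key not in roles and len(roles) >= MAX_ROLES:
        errors.append("chassis already holds 256 user-defined roles")
    ceiling = ceilings.get(rbac_class.lower())
    if perm.upper() not in PERM_RANK:
        errors.append("unknown permission")
    elif ceiling is None:
        errors.append("no Admin permission known for this class")
    elif PERM_RANK[perm.upper()] > PERM_RANK[ceiling]:
        errors.append("permission exceeds the Admin role permission")
    return errors


if __name__ == "__main__":
    # Constructed sample requests: the page's own example, then two bad names.
    for req in [("mysecurityrole", "security", "O"),
                ("sec", "security", "O"), ("ZoneAdmin", "security", "O")]:
        print(req, check_role(*req) or "ok")
```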
The roleConfig --show command is available to view the permissions assigned to a user-defined
role. You can also use the classConfig --showroles command to see that the role was indeed added
with Observe permission for the security commands:

TABLE 13 Maximum number of simultaneous sessions

Role name           Maximum sessions
Admin               2
BasicSwitchAdmin    4
FabricAdmin         4
Operator            4
SecurityAdmin       4
SwitchAdmin         4
User                4
ZoneAdmin           4