HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

68 Managing user accounts
account using the userConfig command to add this permission to a user account. For clarity, this
permission has been added to Table 8 which describes the Fabric OS predefined roles.
Admin Domain considerations: Legacy users with no Admin Domain specified whose current role is admin
will have access to AD0 through 255 (physical fabric admin); otherwise, they will have access to AD0
only.
If some Admin Domains have been defined for the user and all of them are inactive, the user will not be
allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the system provides
a default Home Domain.
The default Home Domain for the predefined account is AD0. For user-defined accounts, the default Home
Domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.
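The Admin Domain rules above can be modelled as an account-review helper. This is an added example, not code from the guide or from Fabric OS; it flags accounts that would be locked out or that hold physical fabric admin scope. The Account record, its field names, and the sample data are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ALL_ADS = frozenset(range(256))  # AD0 through 255, the physical fabric admin scope

@dataclass
class Account:
    name: str
    role: str
    ad_list: Optional[list] = None  # None models a legacy account with no Admin Domain specified
    home_ad: Optional[int] = None   # None means no Home Domain was specified
    predefined: bool = False

def resolve_ad_access(acct, active_ads):
    """Return (login_allowed, accessible_ads, home_ad) per the rules in the text."""
    if not acct.ad_list:
        # Legacy user: the admin role gets AD0-255, any other role gets AD0 only.
        ads = ALL_ADS if acct.role.lower() == "admin" else frozenset({0})
    else:
        ads = frozenset(acct.ad_list)
        # Admin Domains are defined but every one of them is inactive: no login.
        if not (ads & frozenset(active_ads)):
            return False, frozenset(), None
    home = acct.home_ad
    if home is None:
        # Default Home Domain: AD0 if predefined, else the lowest ID in the list.
        home = 0 if acct.predefined else min(ads)
    return True, ads, home

def audit(accounts, active_ads):
    """Flag accounts an administrator would want to review."""
    findings = []
    for a in accounts:
        allowed, ads, _home = resolve_ad_access(a, active_ads)
        if not allowed:
            findings.append((a.name, "locked out: all assigned Admin Domains inactive"))
        elif ads == ALL_ADS:
            findings.append((a.name, "physical fabric admin: AD0 through 255"))
    return findings

# Constructed sample accounts and active-domain set (not from a real switch).
SAMPLE = [
    Account("legacyadm", "admin"),
    Account("legacyop", "operator"),
    Account("zoneuser", "zoneadmin", ad_list=[12, 7]),
    Account("stale", "switchadmin", ad_list=[30, 31]),
]
ACTIVE = {0, 7, 12}
```

Calling audit(SAMPLE, ACTIVE) reports legacyadm as physical fabric admin and stale as locked out.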
Role permissions
Table 9 describes the types of permissions that are assigned to roles.
Table 8 Fabric OS roles

| Role name | Fabric OS version | Duties | Description |
|---|---|---|---|
| Admin | All | All administration | All administrative commands excluding chassis-specific commands |
| BasicSwitchAdmin | 5.2.0 and later | Restricted switch administration | Mostly monitoring with limited switch (local) commands |
| Chassis-role permission | 6.2.0 | Chassis-specific configuration | A role-permission applied only to the user account through the userConfig command. |
| FabricAdmin | 5.2.0 and later | Fabric and switch administration | All switch and fabric commands, excluding user management and Admin Domains commands. |
| Operator | 5.2.0 and later | General switch administration | Routine switch maintenance commands. |
| SecurityAdmin | 5.3.0 and later | Security administration | All switch security and user management functions. |
| SwitchAdmin | 5.0.0 and later | Local switch administration | Most switch (local) commands, excluding security, user management, and zoning commands. |
| User | All | Monitoring only | Non-administrative use, such as monitoring system activity. |
| ZoneAdmin | 5.2.0 and later | Zone administration | Zone management commands only. |

Table 9 Permission types

| Abbreviation | Definition | Description |
|---|---|---|
| O | Observe | The user can run commands using options that display information only, such as running userConfig --show -a to show all users on a switch. |
| M | Modify | The user can run commands using options that create, change, and delete objects on the system, such as running userConfig --change username -r rolename to change a user’s role. |
| OM | Observe and Modify | The user can run commands using both observe and modify options; if a role has modify permissions, it almost always has observe. |
| N | None | The user is not allowed to run commands in a given category. |