HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)

Managing user accounts
Using Role-Based Access Control (RBAC)
Role-Based Action Control (RBAC) defines the capabilities that a user account has based on the role the
account has been assigned. For each role, there is a set of pre-defined permissions on the jobs and tasks
that can be performed on a fabric and its associated fabric elements. Fabric OS 6.x uses RBAC to
determine which commands a user can issue.
When you log in to a switch, your user account is associated with a pre-defined role. The role that your
account is associated with determines the level of access you have on that switch and in the fabric. Table 8
outlines the Fabric OS predefined roles.
You can perform these operations only on the primary FCS switch.
For legacy users with no Admin Domain specified, the user will have access to AD 0 through 255 (physical
fabric admin) if their current role is Admin; otherwise, the user will have access to AD0 only.
If some Admin Domains have been defined for the user and all of them are inactive, the user will not be
allowed to log in to any switch in the fabric.
If no Home Domain is specified for a user, the system provides a default home domain. The default home
domain for the predefined account is AD0. For user-defined accounts, the default home domain is the
Admin Domain in the user’s Admin Domain list with the lowest ID.
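The login and home-domain rules above can be checked against an account inventory before a change to Admin Domains locks someone out. The following Python sketch is an added example, not part of the HP guide or of Fabric OS. The `Account` record, the sample accounts and the set of active Admin Domains are constructed for illustration, and treating a legacy account's Admin Domain list as its effective access when picking a default home domain is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

ALL_ADS = frozenset(range(256))  # AD0 through AD255 (physical fabric admin)

@dataclass
class Account:                       # hypothetical inventory record
    name: str
    role: str                        # a role name from Table 8
    ad_list: Optional[list] = None   # None = legacy user, no Admin Domain specified
    home_ad: Optional[int] = None    # None = no Home Domain specified
    predefined: bool = False

def resolve(acct, active_ads):
    """Return (can_log_in, admin_domains, home_ad, findings) per the rules above."""
    findings = []
    if not acct.ad_list:             # legacy user with no Admin Domain specified
        if acct.role == "Admin":
            ads = ALL_ADS
            findings.append("legacy Admin: access to AD0-255 (physical fabric admin)")
        else:
            ads = frozenset({0})
    else:
        ads = frozenset(acct.ad_list)
        if not ads & active_ads:     # domains defined, every one of them inactive
            findings.append("all assigned Admin Domains inactive: login denied")
            return False, ads, None, findings
    home = acct.home_ad
    if home is None:
        # Predefined account defaults to AD0; user-defined to the lowest ID in its list.
        home = 0 if acct.predefined else min(ads)
        findings.append(f"no Home Domain set: defaults to AD{home}")
    return True, ads, home, findings

# Constructed sample inventory (not the output of any Fabric OS command).
ACTIVE_ADS = frozenset({0, 1, 5})
ACCOUNTS = [
    Account("admin", "Admin", predefined=True),
    Account("legacy_ops", "Operator"),
    Account("zone_eng", "ZoneAdmin", ad_list=[5, 1]),
    Account("stale_sec", "SecurityAdmin", ad_list=[7, 9], home_ad=7),
]

def audit(accounts, active_ads):
    return {a.name: resolve(a, active_ads) for a in accounts}

if __name__ == "__main__":
    for name, (ok, ads, home, notes) in audit(ACCOUNTS, ACTIVE_ADS).items():
        print(name, "login ok" if ok else "LOGIN DENIED", "; ".join(notes))
```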
Table 8 Fabric OS 6.x roles
| Role name | Fabric OS version | Duties | Description |
|---|---|---|---|
| Admin | All | All administration | All administrative commands. |
| BasicSwitchAdmin | 5.2.0 and later | Restricted switch administration | Mostly monitoring with limited switch (local) commands. |
| FabricAdmin | 5.2.0 and later | Fabric and switch administration | All switch and fabric commands, excludes user management and Administrative Domains commands. |
| Operator | 5.2.0 and later | General switch administration | Routine switch maintenance commands. |
| SecurityAdmin | 5.3.0 and later | Restricts security functions | All switch security and user management functions. |
| SwitchAdmin | 5.0.0 and later | Local switch administration | Most switch (local) commands, excludes security, user management, and zoning commands. |
| User | All | Monitoring only | Nonadministrative use, such as monitoring system activity. |
| ZoneAdmin | 5.2.0 and later | Zone administration | Zone management commands only. |