Brocade Network Advisor SMI Agent Developer's Guide v11.1.0 (53-1002169-01, May 2011)

Chapter 1: Connecting to the Fabric

In this chapter
- Role-Based Access Control
- Admin Domains and Brocade Network Advisor SMI Agent
- Connecting to the Brocade Network Advisor SMI Agent
- Discovering a fabric and a host

Role-Based Access Control
Role-Based Access Control (RBAC) defines the capabilities that a user account has based on the
role the account has been assigned. For each role, there is a set of pre-defined permissions on the
jobs and tasks that can be performed on a fabric and its associated fabric elements.
The RBAC check is performed based on the value of the Storage Management Initiative (SMI) Agent
Operations privilege for Common Information Model Object Manager (CIMOM) client requests. The
following responses are received for the different values of the SMI Agent Operations privilege:
- No Access - If you query the CIMOM without the SMI Agent Operations privilege, the following
  WBEM Exception is returned.
    CIM_ERR_ACCESS_DENIED: The specified principal does not have access to perform this operation.
- Read Only Access - If you have the Read Only Access privilege and try to perform any write
  operation on any of the profiles, the following WBEM Exception is returned.
    CIM_ERR_ACCESS_DENIED: The specified principal does not have access to perform this operation.
  The user is not restricted from performing WBEM queries.
- Read/Write Access - No restriction is imposed on any user who has Read/Write Access for the
  SMI Agent Operations privilege.
All the Resource Grouping (fabrics and hosts) performed through the user management dialog
boxes is honored by the CIMOM. The resource grouping is not applicable for filtering out
indications. The indications from all the fabrics managed by Brocade Network Advisor are
delivered irrespective of the resources grouped by the user.
If you select the Authentication mode as No Authentication, then all the previously specified
RBAC checks are performed on the credentials provided by you in the Authentication tab of the
Configuration Tool and the previously described behavior is observed.
If user A changes the password of user B, who has logged in to the CIMOM, user B can
continue querying the CIMOM until Brocade Network Advisor expires user B's session.
You can retrieve all the information from the interop namespace and can perform the getclass
operations even if there is no access for the SMI Agent Operations privilege.
Refer to the Brocade Network Advisor User Manual for more information about RBAC.
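
The RBAC outcomes described in this section, written as an expected-result table that can be compared against what test accounts actually receive from the CIMOM. This is an added example, not code from the Brocade guide. Assumptions: the privilege labels, the placeholder namespace example/ns, the account names, the split of CIM operations into read and write, and the reading that getclass is permitted in any namespace.

```python
# Added example (not from the Brocade guide): expected RBAC outcomes per the text.
# Assumption: which CIM operations count as "write" is not listed on the page.
READ_OPS = {"GetClass", "GetInstance", "EnumerateInstances",
            "EnumerateInstanceNames", "ExecQuery", "Associators", "References"}
WRITE_OPS = {"CreateInstance", "ModifyInstance", "DeleteInstance",
             "SetProperty", "InvokeMethod"}
ALLOW = "ALLOW"
DENY = "CIM_ERR_ACCESS_DENIED"

def expected(privilege, namespace, operation):
    """Outcome the guide documents for an SMI Agent Operations privilege level."""
    if operation not in READ_OPS | WRITE_OPS:
        raise ValueError(f"unclassified operation: {operation}")
    is_write = operation in WRITE_OPS
    if privilege == "read_write":
        return ALLOW
    if privilege == "read_only":
        return DENY if is_write else ALLOW
    if privilege == "no_access":
        # Documented exceptions: interop namespace retrieval and getclass.
        # Assumption: getclass is allowed in any namespace.
        if operation == "GetClass":
            return ALLOW
        if namespace.lower() == "interop" and not is_write:
            return ALLOW
        return DENY
    raise ValueError(f"unknown privilege: {privilege}")

def audit(observations):
    """Return observations whose result differs from the documented behavior."""
    findings = []
    for obs in observations:
        want = expected(obs["privilege"], obs["namespace"], obs["operation"])
        if obs["result"] != want:
            findings.append({**obs, "expected": want})
    return findings

# Constructed sample results from hypothetical test accounts.
SAMPLE = [
    {"account": "ro_user", "privilege": "read_only", "namespace": "example/ns",
     "operation": "EnumerateInstances", "result": ALLOW},
    {"account": "ro_user", "privilege": "read_only", "namespace": "example/ns",
     "operation": "ModifyInstance", "result": ALLOW},  # write succeeded: mismatch
    {"account": "none_user", "privilege": "no_access", "namespace": "interop",
     "operation": "EnumerateInstances", "result": ALLOW},
    {"account": "none_user", "privilege": "no_access", "namespace": "example/ns",
     "operation": "GetInstance", "result": DENY},
]
```

Calling audit(SAMPLE) returns only the read-only account's successful ModifyInstance, the one result that contradicts the documented behavior.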