Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)
Fabric OS Command Reference Manual 763
53-1000436-01
Appendix
RBAC Command Availability
This appendix explains how a command is validated when it is typed at the command prompt.
A command must be validated based on the user account’s role before the command is executed.
Validation is done with these checks, in this order:
1. Active/Standby availability: on chassis-based systems, check that the command is available on
the Control Processor (CP).
2. RBAC availability: check that the invoking user’s role is permitted to invoke the command. If the
command modifies system state, the user's role must have modify permission for the
command. If the command only displays system state, the user's role must have observe
permission for the command. Some commands both observe and modify system state and
thus require observe-modify permission.
3. Admin Domain availability: check that the command is allowed in the currently selected Admin
Domain.
4. Command-specific: checks such as whether the command is supported on the platform for
which it is targeted, etc.
Refer to Table 1 for the RBAC availability of all commands, as used by Fabric OS in Step 2.
TABLE 1 RBAC Availability of All Commands (O = observe, OM = observe-modify, N = none/not available)
Command Name User Admin Operator Switch
Admin
Zone
Admin
Fabric
Admin
Basic
Switch
Admin
Security
Admin
aaaConfig N OM N N N N N OM
ad N OM N N N N N O/OM
ag O OM OM OM O OM OM N
agshow O OM OM OM O OM O N
agtcfgDefault O OM O OM N OM O OM
agtcfgSet O OM O OM N OM O OM
agtcfgShow O OM O OM N OM O OM
aliAdd O OM O O OM OM O O
aliCreate O OM O O OM OM O O
aliDelete O OM O O OM OM O O
aliRemove O OM O O OM OM O O
aliShow O OM O O OM OM O O
A