beautypg.com

Role-based access control, Default roles, Configuring a user alias – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


53-1003231-02


Configuring a user alias

The global alias is accessible across all users. The user-level alias is accessible only when the
respective user logs in.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the , , and leaf elements to define the alias configuration.

redwood

engineering

john smith

manager

Role-based access control

Network OS uses role-based access control (RBAC) as the authorization mechanism. You can
create roles dynamically and associate them with rules to define the permissions applicable to a
particular role. Every user account must be associated with a role and only a single role can be
associated with any given account.

RBAC specifies access rights to resources. When a user executes a command, privileges are
evaluated to determine access to the command based on the role of the user.

In Logical chassis cluster mode, the configuration is applied to all nodes in the cluster.

Default roles

All Brocade VDX switches support two default roles, “user” and “admin.” You cannot modify the
attributes of default roles; however, you can assign the default roles to non-default user accounts.
The default roles have the following access privileges:

The user role has limited privileges that are mostly restricted to executing show commands in
the Privileged EXEC mode. User accounts associated with the user role cannot access
configuration commands that are available only in global configuration mode.