
User-defined roles, Table 6, Creating or modifying a role – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


Network OS NETCONF Operations Guide

53-1003231-02

Role-based access control


The admin role has the highest privileges. All commands available in Privileged EXEC mode
and in global configuration mode are accessible to the user associated with the admin role.

With a new switch, only the admin user account has access to perform user and role management
operations. The admin user can create any roles and configure those roles for access to user and
role management operations.

User-defined roles

In addition to the default roles, Network OS supports the creation of user-defined roles. A
user-defined role starts from a basic set of privileges, which are then refined by adding special
rules. When you have created a role, you can assign a name to the role and then associate the role
with one or more user accounts. With NETCONF, you can perform the following operations to
manage user-defined roles:

Define new roles and delete user-defined roles.

Specify access rules for specific operations and assign these rules to a given role.

Associate a given user-defined role with a specific user account.

A user-defined role has a mandatory name and an optional description, as shown in Table 6.

The operation of creating a role must satisfy the following criteria to succeed:

The maximum number of roles supported on a chassis is 64.

The operation must be run from an account authorized for the operation.

If the role specified already exists, the operation modifies the existing role.

Creating or modifying a role

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the node element.

3. Under the node, include the following leaf elements.

a. In the leaf element, specify the name of the role you are creating or modifying.

The name can be up to 32 characters long.

b. In the element, specify a description in up to 64 characters.

The following example creates a role named VLANAdmin and provides the description “Manages
security.”

TABLE 6 Role attributes

Parameter: name
Description: The role name must be unique, begin with a letter, and can contain alphanumeric
characters and underscores. The length of the role name must be between 4 and 32 characters.
The name cannot be the same as that of an existing user, an existing default role, or an
existing user-defined role.

Parameter: desc
Description: An optional description of the role. The description can be up to 64 characters and
can include any printable ASCII character, except for the following characters: single
quotation marks ('), double quotation marks ("), exclamation point (!), colon (:), and
semicolon (;). If the description contains spaces, you must enclose the text in double
quotation marks.