User-defined roles, Table 6, Creating or modifying a role – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide
53-1003231-02
Role-based access control
15
• The admin role has the highest privileges. All commands available in Privileged EXEC mode
and in global configuration mode are accessible to the user associated with the admin role.
With a new switch, only the admin user account has access to perform user and role management
operations. The admin user can create any roles and configure those roles for access to user and
role management operations.
User-defined roles
In addition to the default roles, Network OS supports the creation of user-defined roles. A
user-defined role starts from a basic set of privileges, which are then refined by adding special
rules. When you have created a role, you can assign a name to the role and then associate the role
with one or more user accounts. With NETCONF, you can perform the following operations that
manage user-defined roles:
• Define new roles and delete user-defined roles.
• Specify access rules for specific operations and assign these rules to a given role.
• Associate a given user-defined role with a specific user account.
A user-defined role has a mandatory name and an optional description as shown in
Table 6.
The operation of creating a role must satisfy the following criteria to succeed:
• The maximum number of roles supported on a chassis is 64.
• The operation must be run from an account authorized for the operation.
• If the role specified already exists, the operation modifies the existing role.
Creating or modifying a role
1. Issue the
urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the
3. Under the
a. In the
The name can be up to 32 characters long.
b. In the
The following example creates a role named VLANAdmin and provides the description “Manages
security.”
TABLE 6 Role attributes

| Parameter | Description |
|---|---|
| name | The role name must be unique, begin with a letter, and can contain alphanumeric characters and underscores. The length of the role name should be between 4 and 32 characters. The name cannot be the same as that of an existing user, an existing default role, or an existing user-defined role. |
| desc | An optional description of the role. The description can be up to 64 characters and can include any printable ASCII character, except for the following characters: single quotation marks ('), double quotation marks ("), exclamation point (!), colon (:), and semicolon (;). If the description contains spaces, you must enclose the text in double quotation marks. |
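
The Table 6 constraints and the role-creation criteria above can be checked by an automation script before it sends the request to the switch. The following is an added example, not code from the Brocade guide; the function check_role, its parameters, and the sample inventories are hypothetical.

```python
import re

MAX_ROLES = 64  # per-chassis limit stated in the guide
# 4-32 characters, first one a letter, then letters, digits or underscores
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{3,31}\Z")
DESC_FORBIDDEN = set("'\"!:;")
# Printable ASCII (space through tilde) minus the forbidden punctuation
DESC_ALLOWED = {chr(c) for c in range(0x20, 0x7F)} - DESC_FORBIDDEN


def check_role(name, desc, users, default_roles, user_roles):
    """Return (action, errors); action is 'create' or 'modify'.

    users, default_roles and user_roles are sets of names already on the
    switch, collected by the caller. Assumption: names are compared exactly.
    """
    errors = []
    # A request naming an existing user-defined role modifies that role.
    action = "modify" if name in user_roles else "create"
    if not NAME_RE.match(name):
        errors.append("name: must be 4-32 chars, start with a letter, "
                      "and use only letters, digits and underscores")
    if name in users:
        errors.append("name: collides with an existing user account")
    if name in default_roles:
        errors.append("name: collides with a default role")
    # Assumption: default and user-defined roles both count toward the limit.
    if action == "create" and len(default_roles) + len(user_roles) >= MAX_ROLES:
        errors.append(f"chassis already holds {MAX_ROLES} roles")
    if desc is not None:  # the description is optional
        if len(desc) > 64:
            errors.append("desc: longer than 64 characters")
        bad = sorted(set(desc) - DESC_ALLOWED)
        if bad:
            errors.append("desc: forbidden characters " + repr("".join(bad)))
    return action, errors


if __name__ == "__main__":
    # Constructed inventory for illustration only
    print(check_role("VLANAdmin", "Manages security.",
                     {"admin", "alice"}, {"admin"}, set()))
```

Typographic quotation marks pasted from a word processor fail the description check as well, because they fall outside printable ASCII.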