Role permissions, Management channel – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

The default home domain for the predefined account is AD0. For user-defined accounts, the default
home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.

Role permissions

The following table describes the types of permissions that are assigned to roles.

TABLE 20 Permission types

Abbreviation  Definition          Description
------------  ------------------  -----------
O             Observe             The user can run commands by using options that display information only, such as running userConfig --show -a to show all users on a switch.
M             Modify              The user can run commands by using options that create, change, and delete objects on the system, such as running the userConfig --change command with the -r option to change a user’s role.
OM            Observe and Modify  The user can run commands by using both observe and modify options; if a role has modify permissions, it almost always has observe permissions.
N             None                The user is not allowed to run commands in a given category.

To view the permission type for categories of commands, use the classConfig command.

• Enter the classConfig --show -classlist command to list all command categories.
• Enter the classConfig --showroles command with the command category of interest as the argument.

This command shows the permissions that apply to all commands in a specific category.

switch:admin> classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:
    Role name        Permission
    ---------        ----------
    Admin            OM
    Factory          OM
    Root             OM
    Security Admin   OM

You can also use the classConfig --showcli command to show the permissions that apply to a specific
command.
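
The following Python script is an added example, not part of the Brocade guide. It parses captured classConfig --showroles output in the layout shown above and reports any role that holds Modify (M or OM) on the class but is not on an approved list. The approved list and the extra role "backupops" are constructed for illustration, and the sample uses plain ASCII quotes around the class name.

```python
import re

# Permission abbreviations from the "Permission types" table.
PERMISSIONS = {"O": "Observe", "M": "Modify", "OM": "Observe and Modify", "N": "None"}

# Header line names the RBAC class; any quote style around the name is accepted.
HEADER = re.compile(r"RBAC Class\s+\W?(\w+)\W?\s+are", re.IGNORECASE)
# Role names may contain spaces ("Security Admin"); the permission is the last token.
ROW = re.compile(r"^\s*(?P<role>\S.*?)\s+(?P<perm>OM|O|M|N)\s*$")


def parse_showroles(text):
    """Return (class_name, {role: permission}) from classconfig --showroles output."""
    rbac_class, roles = None, {}
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            rbac_class = header.group(1)
            continue
        # The prompt, column header and dashed rule do not end in a
        # permission code, so they simply fail to match.
        row = ROW.match(line)
        if row:
            roles[row.group("role")] = row.group("perm")
    if rbac_class is None:
        raise ValueError("no 'RBAC Class' header found in output")
    return rbac_class, roles


def unexpected_modifiers(roles, approved):
    """Roles holding Modify (M or OM) that are not on the approved list."""
    return sorted(r for r, p in roles.items() if "M" in p and r not in approved)


# Output shown on this page plus one constructed row (role "backupops" is hypothetical).
SAMPLE = """switch:admin> classconfig --showroles authentication
Roles that have access to the RBAC Class 'authentication' are:
    Role name        Permission
    ---------        ----------
    Admin            OM
    Factory          OM
    Root             OM
    Security Admin   OM
    backupops        OM
"""
APPROVED = {"Admin", "Factory", "Root", "Security Admin"}  # assumed site baseline

if __name__ == "__main__":
    cls, roles = parse_showroles(SAMPLE)
    for role in unexpected_modifiers(roles, APPROVED):
        print(f"{cls}: role '{role}' has {PERMISSIONS[roles[role]]} access")
```

Running the same check over each category returned by classConfig --show -classlist gives a per-class view of which roles can change configuration.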

Management channel

The management channel is the communication established between the management workstation and
the switch. The following table shows the number of simultaneous login sessions allowed for each role
when authenticated locally. The roles are displayed in alphabetic order, which does not reflect their
importance. When LDAP, RADIUS, or TACACS+ is used for authentication, the total number of
sessions on a switch may not exceed 32.

TABLE 21 Maximum number of simultaneous sessions

Role name  Maximum sessions
---------  ----------------
Admin      2


53-1003130-01