Managing user-defined roles, Creating a user-defined role – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
TABLE 21  Maximum number of simultaneous sessions (Continued)

Role name           Maximum sessions
BasicSwitchAdmin    4
FabricAdmin         4
Operator            4
SecurityAdmin       4
SwitchAdmin         4
User                4
ZoneAdmin           4

Managing user-defined roles
Fabric OS provides an extensive toolset for managing user-defined roles:
• The roleConfig command is available for defining new roles, deleting created roles, or viewing
information about user-defined roles.
• The classConfig command is available for displaying RBAC information about each category or
class of commands, and includes an option to show all roles associated with a given RBAC
command category.
• The userConfig command can be used to assign a user-defined role to a user account.
Creating a user-defined role
You can define a role as long as it has a unique name that is not the same as any of the Fabric OS
default roles, any other user-defined role, or any existing user account name.
The following conditions also apply:
• A role name is case-insensitive and contains only letters.
• The role name should have a minimum of 4 letters and can be up to 16 letters long.
• The maximum number of user-defined roles that are allowed on a chassis is 256.
The roleConfig command can be used to define unique roles. You must have chassis-level access
and permissions to execute this command. The following example creates a user-defined role called
mysecurityrole. The RBAC class Security is added to the role, and the Observe permission is
assigned:
switch:admin> roleconfig --add mysecurityrole -class security -perm O
Role added successfully
The assigned permissions can be no higher than the admin role permission assigned to the class. The
admin role permission for the Security class is Observe/Modify. Therefore, the Observe permission is
valid.
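
The naming and permission rules above can be checked before roleConfig is run. The following is an added example, not Brocade code: the function name, the ASCII-only reading of "letters", the case-insensitive comparison against account names, and the default-role list (limited to the roles visible on this page) are assumptions.

```python
import re

# Default role names visible on this page (Table 21 is a continuation, so this
# list may be incomplete), plus the admin role named in the text.
DEFAULT_ROLES = {"admin", "basicswitchadmin", "fabricadmin", "operator",
                 "securityadmin", "switchadmin", "user", "zoneadmin"}
MAX_USER_DEFINED_ROLES = 256
# Assumption: "letters" means ASCII letters; length is 4 to 16.
NAME_RE = re.compile(r"[A-Za-z]{4,16}")
# Ordering taken from the page: Observe is below Observe/Modify.
PERM_RANK = {"Observe": 1, "Observe/Modify": 2}


def check_role_request(name, perm, admin_perm_for_class,
                       existing_roles=(), existing_accounts=()):
    """Return a list of rule violations; an empty list means the request passes."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 4 to 16 letters, letters only")
    key = name.lower()  # role names are case-insensitive
    if key in DEFAULT_ROLES:
        problems.append("name collides with a default role")
    if key in {r.lower() for r in existing_roles}:
        problems.append("name collides with a user-defined role")
    # Assumption: compare account names case-insensitively to stay conservative.
    if key in {a.lower() for a in existing_accounts}:
        problems.append("name collides with a user account name")
    if len(existing_roles) >= MAX_USER_DEFINED_ROLES:
        problems.append("chassis already holds 256 user-defined roles")
    if PERM_RANK[perm] > PERM_RANK[admin_perm_for_class]:
        problems.append("permission exceeds the admin role permission for the class")
    return problems


if __name__ == "__main__":
    # The request from the example above: Observe on a class where the
    # admin role holds Observe/Modify.
    print(check_role_request("mysecurityrole", "Observe", "Observe/Modify"))
```
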
Fabric OS Administrators Guide
53-1003130-01