beautypg.com

Assigning a user-defined role to a user, Local database user accounts, Default accounts – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 137

background image

The roleConfig --show command is available to view the permissions assigned to a user-defined role.
You can also use theclassConfig --showroles command to see that the role was indeed added with
Observe permission for the security commands.

switch:admin> classConfig --showroles security

Roles that have access to RBAC Class ‘security’ are:

Role Name Permissions

--------- -----------

User O

Admin OM

Factory OM

Root OM

SwitchAdmin O

FabricAdmin OM

BasicSwitchAdmin O

SecurityAdmin OM

mysecurityrole O

To delete a user-defined role, use the roleConfig --delete command.

Assigning a user-defined role to a user

You can assign a user-defined role to a user by using one of the following options of the userConfig
command:

userConfig --add with the -r option to create a new user account and assign a role.
userConfig --change with the -r option to add or change a user-defined role for an existing user

account.

userConfig --add with the -c option to create a new user account and assign a chassis role.
userConfig --change with the -c option to add a chassis role to an account.

The following example assigns the mysecurityrole role to the existing anewuser account and adds the
admin chassis role:

switch:admin> userConfig --change anewuser -r mysecurityrole -c admin

Local database user accounts

User add, change, and delete operations are subject to the subset rule: an admin with ADlist 0-10 or
LFlist 1-10 cannot perform operations on an admin , user , or any role with ADlist 11-25 or LFlist
11-128. The user account being changed must have an ADlist or LFlist that is a subset of the account
that is making the change.

In addition to the default administrative and user accounts, Fabric OS supports up to 252 user-defined
accounts in each switch (domain). These accounts expand your ability to track account access and
audit administrative activities.

Default accounts

The following table lists the predefined accounts offered by Fabric OS that are available in the local-
switch user database. The password for all default accounts should be changed during the initial
installation and configuration of each switch.

Assigning a user-defined role to a user

Fabric OS Administrators Guide

137

53-1003130-01

See also other documents in the category Brocade Computer Accessories: