beautypg.com

Understanding virtual fabric restrictions – Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Page 33

background image

Fabric OS Command Reference

3

53-1003131-01

Understanding Virtual Fabric restrictions

1

Perform firmware download.

Perform regular Fabric OS management functions.

For a listing of RBAC permissions for cryptoCfg subcommands, refer to the Fabric OS Encryption
Adminsitrator’s Guide.

Understanding Virtual Fabric restrictions

All Fabric OS commands are subject to additional RBAC enforcement with regard to Virtual Fabric
contexts and switch types. Commands can be executed in one or more of the contexts described in

Table 3

. Execution of chassis commands requires chassis permissions.

Switch commands are further defined by the switch type restrictions as described in

Table 4

.

Switch type restrictions are not applicable to commands that require chassis permissions.

In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions
apply to the RBAC permissions specified in

Table 2

. Refer to the userConfig command for more

information on configuring user account access permissions in a Virtual Fabric environment.

Any given role is allowed to execute all switch commands to which the role is authorized in the
account’s home context. The default home context is the default logical fabric FID 128.

You can change an account’s home context to a specified FID and configure the account
permissions to access additional logical switches specified in the user’s Fabric ID list.

Accounts with user or admin permissions can be granted chassis permissions. A user account
with the chassis role can execute chassis-level commands at the user RBAC access level. An
admin account with the chassis role can execute chassis-level commands at the admin RBAC
access level.

Use the classConfig --showcli command to look up the Virtual Fabrics context for a specified
command. Refer to

Appendix A, “Command Availability,”

for a complete listing of Virtual Fabric

restrictions that apply to the commands included in this manual.

TABLE 3

Virtual Fabric contexts

Context type

Definition

Switch context

Command applies to the current logical switch only, or to a specified
logical switch.

Chassis context

Command applies to the chassis on which it is executed.

Switch and chassis
context

Command can be executed in a logical switch context or in a chassis
context.

Disallowed

Command is not supported in Virtual Fabric mode.

TABLE 4

Switch types

Switch type

Definition

All Switches

Command can be executed in any switch context.

Base Switch Only

Command can be executed only on the base switch.

Default Switch Only

Command can be executed only on the default switch.

N/A

Command is a chassis command or not supported in Virtual Fabric
mode.

See also other documents in the category Brocade Computer Accessories: