beautypg.com

Encryption commands and permissions – Dell POWEREDGE M1000E User Manual

Page 1064

background image

1032

Fabric OS Command Reference

53-1001764-02

Encryption commands and permissions

A

4. Virtual Fabric availability: If Virtual Fabrics are enabled, commands are checked for context

and switch type as follows:

Virtual Fabric context (VF) = Command applies to the current logical switch only, or to a
specified logical switch.
Virtual Fabric commands are further constrained by one of the following switch types:

All Switches (All) = Command can be run in any switch context.

Base Switch (BS) = Command can be run only on the base switch

Default Switch ((DS) = Command can be run only in default switch

N/A = Switch Type is not applicable to the command.

Chassis context (CH)= Command applies to the chassis on which it is executed.

Switch and Chassis context (VF/CH) = Command applies to the switch and the chassis.

Disallowed = Command can not be executed when Virtual Fabrics are enabled.

5. Command-specific: checks whether the command is supported on the platform for which it is

targeted.

Encryption commands and permissions

There are two RBAC roles that are permitted to perform Encryption operations.

1. Admin and SecurityAdmin

Users authenticated with the Admin and SecurityAdmin RBAC roles may perform cryptographic
functions assigned to the FIPS Crypto Officer including the following:

Perform encryption node initialization.

Enable cryptographic operations.

Manage critical security parameters (CSP) input/output functions.

Zeroize encryption CSPs.

Register and configure a key vault.

Configure a recovery share policy.

Create and register recovery share.

Encryption group- and clustering-related operations.

Manage keys, including creation, recovery, and archiving functions.

2. Admin and FabricAdmin

Users authenticated with the Admin and FabricAdmin RBAC roles may perform routine
encryption switch management functions including the following:

Configure virtual devices & crypto LUN.

Configure LUN/tape associations.

Perform re-keying operations.

Perform firmware download.

Perform regular Fabric OS management functions.

Refer to

Table 29

for the RBAC permissions of the encryption configuration commands.