Send documentation comments to mdsfeedback-doc@cisco.com
39-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 39 Configuring Users and Common Roles
Role-Based Authorization
About Roles
Each role can contain multiple users and each user can be part of multiple roles. For example, if role1
users are only allowed access to configuration commands, and role2 users are only allowed access to
debug commands, then if Joe belongs to both role1 and role2, he can access configuration as well as
debug commands.
Note If you belong to multiple roles, you can execute a union of all the commands permitted by these roles.
Access to a command takes priority over being denied access to a command. For example, suppose you
belong to a TechDocs group and you were denied access to configuration commands. However, you also
belong to the engineering group and have access to configuration commands. In this case, you will have
access to configuration commands.
Tip Any role, when created, does not allow access to the required commands immediately. The administrator
must configure appropriate rules for each role to allow access to the required commands.
Configuring Roles and Profiles
To create an additional role or to modify the profile for an existing role using Fabric Manager, follow
these steps:
Step 1 Expand Switches > Security and then select Users and Roles from the Physical Attributes pane. Click
the Roles tab in the Information pane.
You see the information as shown in Figure 39-1
Figure 39-1 Roles Tab in Users and Roles Screen
Step 2 Click Create Row to create a role in Fabric Manager.
To Next Page
Loading...
Need help?
General
