network-operator
Complete read access to the switch.
If you belong to multiple roles, you can execute a combination of all the commands permitted by these
roles. Access to a command takes priority over being denied access to a command. For example, suppose
a user has RoleA, which denied access to the configuration commands. However, the user also has RoleB,
which has access to the configuration commands. In this case, the user has access to the configuration
commands.
Note
Only network-admin user can perform a Checkpoint or Rollback in the RBAC roles. Though other users
have these commands as a permit rule in their role, the user access is denied when you try to execute these
commands.
Note
Predefined SAN Admin User Role
The SAN admin user role is a noneditable, predefined user role that is designed to provide separation between
LAN and SAN administrative tasks. Users that have been assigned the SAN admin user role have read-only
access to all Ethernet configuration tasks. Write access for Ethernet features is not granted to SAN admin
users unless it is assigned to them through another user role.
The following capabilities are permitted to SAN admin users:
•
Interface configuration
•
Attribute configuration for Fibre Channel Unified Ports, except creation and deletion
•
VSAN configuration, including database and membership
•
Mapping of preconfigured VLANs for FCoE to VSANs
•
Zoning configuration
•
Configuration of SNMP-related parameters, except SNMP community and SNMP users
•
Read-only access to all other configurations
•
Configuration and management of SAN features such as the following:
â—¦
FC-SP
â—¦
FC-PORT-SECURITY
â—¦
FCoE
â—¦
FCoE-NPV
â—¦
FPORT-CHANNEL-TRUNK
â—¦
PORT-TRACK
â—¦
FABRIC-BINDING
Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x
70 OL-31641-01
Configuring User Accounts and RBAC
User Roles
To Next Page
Loading...
