Fabric OS Administrator’s Guide 83
53-1002446-01
User accounts overview
5
If some Admin Domains have been defined for the user and all of them are inactive, the user will
not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the
system provides a default home domain.
The default home domain for the predefined account is AD0. For user-defined accounts, the default
home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.
Role permissions
Table 12 describes the types of permissions that are assigned to roles.
To view the permission type for categories of commands, use the classConfig command:
1. Enter the classConfig
--show -classlist command to list all command categories.
2. Enter the classConfig
--showroles command with the command category of interest as the
argument.
This command shows the permissions that apply to all commands in a specific category. For
example:
classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:
Role name Permission
--------- ----------
Admin OM
Factory OM
Root OM
Security Admin OM
You can also use the classConfig --showcli command to show the permissions that apply to a
specific command.
The management channel
The management channel is the communication established between the management
workstation and the switch. Table 13 shows the number of simultaneous login sessions allowed for
each role when authenticated locally. The roles are displayed in alphabetic order which does not
reflect their importance. When authenticating using LDAP or RADIUS, the total number of sessions
on a switch may not exceed 32.
TABLE 12 Permission types
Abbreviation Definition Description
O Observe The user can run commands using options that display information only, such as
running userConfig --show -a to show all users on a switch.
M Modify The user can run commands using options that create, change, and delete objects
on the system, such as running userConfig --change username -r rolename to
change a user’s role.
OM Observe and
Modify
The user can run commands using both observe and modify options; if a role has
modify permissions, it almost always has observe.
N None The user is not allowed to run commands in a given category.
To Next Page
Loading...
Need help?
General