HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 56
Using Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) defines the capabilities that a user account has, based on the role the account has been assigned. Each role carries a set of predefined permissions on the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS 6.1.x uses RBAC to determine which commands a user can issue.

When you log in to a switch, your user account is associated with a predefined role. That role determines the level of access you have on that switch and in the fabric. Table 8 outlines the Fabric OS predefined roles.

Table 8 Fabric OS 6.1.x roles

| Role name | Fabric OS version | Duties | Description |
|---|---|---|---|
| Admin | All | All administration | All administrative commands. |
| BasicSwitchAdmin | 5.2.0 and later | Restricted switch administration | Mostly monitoring with limited switch (local) commands. |
| FabricAdmin | 5.2.0 and later | Fabric and switch administration | All switch and fabric commands, excludes user management and Administrative Domains commands. |
| Operator | 5.2.0 and later | General switch administration | Routine switch maintenance commands. |
| SecurityAdmin | 5.3.0 and later | Restricts security functions | All switch security and user management functions. |
| SwitchAdmin | 5.0.0 and later | Local switch administration | Most switch (local) commands, excludes security, user management, and zoning commands. |
| User | All | Monitoring only | Nonadministrative use, such as monitoring system activity. |
| ZoneAdmin | 5.2.0 and later | Zone administration | Zone management commands only. |

You can perform these operations only on the primary FCS switch.

For legacy users with no Admin Domain specified, the user will have access to AD 0 through 255 (physical fabric admin) if their current role is Admin; otherwise, the user will have access to AD0 only. If some Admin Domains have been defined for the user and all of them are inactive, the user will not be allowed to log in to any switch in the fabric.
If no Home Domain is specified for a user, the system provides a default home domain. The default home domain for the predefined account is AD0. For user-defined accounts, the default home domain is the Admin Domain in the user's Admin Domain list with the lowest ID.
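The Admin Domain rules above, modeled as an added example for reviewing an exported account list offline; it is not code from the guide or from Fabric OS. The `Account` record, the function names and the sample accounts are hypothetical, and treating a legacy account as always able to log in through AD0 is an assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALL_ADS = frozenset(range(256))  # AD0 through AD255 (physical fabric admin)

@dataclass(frozen=True)
class Account:  # hypothetical record, not a Fabric OS structure
    name: str
    role: str
    predefined: bool = False
    ad_list: FrozenSet[int] = frozenset()  # empty = legacy user, no Admin Domain specified
    home_ad: Optional[int] = None          # None = no Home Domain specified

def effective_ads(acct):
    """Admin Domains the account can reach."""
    if acct.ad_list:
        return acct.ad_list
    # Legacy user: Admin role gets AD0-AD255, every other role gets AD0 only.
    return ALL_ADS if acct.role.lower() == "admin" else frozenset({0})

def home_domain(acct):
    """Explicit home domain, else the default the system provides."""
    if acct.home_ad is not None:
        return acct.home_ad
    # Predefined account defaults to AD0; user-defined to the lowest ID in its list.
    return 0 if acct.predefined else min(effective_ads(acct))

def can_log_in(acct, active_ads):
    """Login is refused when Admin Domains are defined and all of them are inactive."""
    if not acct.ad_list:
        return True  # assumption: a legacy account falls back to AD0
    return any(ad in active_ads for ad in acct.ad_list)

def audit(accounts, active_ads):
    """Flag accounts that are locked out or hold implicit fabric-wide access."""
    findings = []
    for a in accounts:
        if not can_log_in(a, active_ads):
            findings.append((a.name, "all assigned Admin Domains inactive: login refused"))
        elif not a.ad_list and effective_ads(a) == ALL_ADS:
            findings.append((a.name, "legacy Admin role: implicit access to AD0-AD255"))
    return findings

# Constructed sample data, not taken from a real switch.
ACTIVE_ADS = frozenset({0, 12})
SAMPLE_ACCOUNTS = [
    Account("oldadmin", "Admin"),                           # legacy, no AD list
    Account("monitor", "User"),                             # legacy, non-Admin
    Account("zoneop", "ZoneAdmin", ad_list=frozenset({12, 5})),
    Account("stale", "SwitchAdmin", ad_list=frozenset({7, 9})),
]
```

Calling `audit(SAMPLE_ACCOUNTS, ACTIVE_ADS)` reports `oldadmin` for its implicit AD0-AD255 reach and `stale` for being unable to log in.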