Dell Brocade G620 Brocade 8.0.1 Fabric OS Administratiors Guide - Page 145
Managing User Accounts, User accounts overview, Role-Based Access Control
![]() |
View all Dell Brocade G620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 145 highlights
Managing User Accounts ∙ User accounts overview ...145 ∙ Local database user accounts...149 ∙ Local user account database distribution...151 ∙ Password policies...152 ∙ The boot PROM password...157 ∙ Remote authentication...160 User accounts overview In addition to the default permissions assigned to the roles of root, admin, and user, Fabric OS supports up to 252 additional user accounts on the chassis. These accounts expand your ability to track account access and audit administrative activities. NOTE Upon new installation of Fabric OS, the root user mus be enabled. Each user account is associated with the following: ∙ Permissions - Associate roles with each user account to determine the functional access levels. ∙ Virtual Fabric list - Specifies the Virtual Fabric a user account is allowed to log in to. ∙ Home Virtual Fabric - Specifies the Virtual Fabric that the user is logged in to, if available. The home Virtual Fabric must be a member of the user's Virtual Fabric list. If the fabric ID is not available, the next-lower valid fabric ID is used. ∙ LF Permission List - Determines functional access levels within the bounds of the user's Virtual Fabrics. ∙ Chassis role - Similar to switch-level roles, but applies to a different subset of commands. For more information about Virtual Fabrics, refer to Managing Virtual Fabrics on page 267. Fabric OS provides four options for authenticating users: remote RADIUS service, remote LDAP service, remote TACACS+ service, and the local-switch user database. All options allow users to be managed centrally by means of the following methods: ∙ Remote RADIUS service - Users are managed in a remote RADIUS server. All switches in the fabric can be configured to authenticate against the centralized remote database. ∙ Remote LDAP service - Users are managed in a remote LDAP server. All switches in the fabric can be configured to authenticate against the centralized remote database. The remote LDAP server can run Microsoft Active Directory or OpenLDAP. ∙ Remote TACACS+ service - Users are managed in a remote TACACS+ server. All switches in the fabric can be configured to authenticate against the centralized remote database. ∙ Local user database - Users are managed by means of the local user database. The local user database is manually synchronized by means of the distribute command to push a copy of the switch's local user database to all other switches in the fabric running Fabric OS v5.3.0 and later, but the distribute command is blocked if users with user-defined roles exist on the sending switch or on any remote, receiving switch. Role-Based Access Control Role-Based Access Control (RBAC) specifies the permissions that a user account has on the basis of the role the account has been assigned. For each role, a set of predefined permissions determines the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS uses RBAC to determine which commands a user is allowed to access. Brocade Fabric OS Administration Guide, 8.0.1 53-1004111-02 145
![](/manual_guide/products/dell-brocade-g620-brocade-801-fabric-os-administratiors-guide-fdaf46d/145.png)