Dell Brocade G620 Brocade 8.0.1 Fabric OS Command Reference - Page 28

Determining RBAC permissions for a specific command The following example shows how you can obtain permission information for the zone command. Suppose you want to know if a user with the SwitchAdmin role can create a zone. You issue the classconfig --showcli command for the zone command, which shows that the zone --add command belongs to the RBAC class "zoning". You then issue the classconfig --showroles command for the zoning RBAC class. The output shows that the SwitchAdmin role has 'Observe" (O) permissions only for any command in the zoning class. This means that the user with the SwitchAdmin role is not allowed to create zones. To allow this user to create a zone, you must change the user's access to any of the roles that have "observe and modify" (OM) access. Use the userConfig command to change the user's role or use the roleConfig command to create a custom role. switch:admin> classconfig --showcli zone CLI Option Permission RBAC Class Context zone Killall OM Debug vf zone evlogclear OM Debug vf zone evlogshow O Debug vf zone evlogtoggle OM Debug vf zone mergeshow O Debug vf zone stateshow O Debug vf zone activate OM Zoning vf zone add OM Zoning vf zone copy OM Zoning vf zone create OM Zoning vf zone deactivate OM Zoning vf (output truncated) switch:admin> classconfig --showroles zoning Roles that have access to the RBAC Class 'zoning' are: Role Name --------User Admin Factory Root Operator SwitchAdmin ZoneAdmin FabricAdmin BasicSwitchAdmin SecurityAdmin Permission ---------- O OM OM OM O O OM OM O O NOTE If a Role Name does not appear in the list, it indicates that the role is not available to the specified class and associated commands in that class are restricted and cannot be executed in that role. 4 Brocade Fabric OS Command Reference 53-1004112-02