Dell PowerEdge M420 8/4 Gbps FC SAN Module Administrator's Guide - Page 46

Understanding Virtual Fabric restrictions

Get Dell PowerEdge M420 PDF manuals and user guides View all Dell PowerEdge M420 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 46 highlights

B Understanding Virtual Fabric restrictions Understanding Virtual Fabric restrictions In OS v6.2.0 and later, all commands are subject to additional RBAC enforcement with regard to Virtual Fabric contexts and switch types. Commands can be executed in one or more of the contexts described in Table 7. Execution of chassis commands requires chassis permissions. TABLE 7 Virtual Fabric contexts Context type Definition Switch context Command applies to the current logical switch only, or to a specified logical switch. Chassis context Command applies to the chassis on which it is executed. Switch and Chassis Command can be executed in a logical switch context or in context a chassis context. Disallowed Command is not supported in Virtual Fabric mode. Switch commands are further defined by the switch type restrictions as described in Table 8. Switch type restrictions are not applicable to commands that require chassis permissions. TABLE 8 Switch Types Switch Type Definition All Switches Command can be executed in any switch context. Base Switch Only Command can be executed only on the base switch. Default Switch Only Command can be executed only on the default switch. N/A Command is a chassis command or not supported in Virtual Fabric mode. In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions apply to the RBAC permissions specified in Table 6. Refer to userConfig help for more information on configuring user account access permissions in a Virtual Fabric environment. • Any given role is allowed to execute all switch commands to which the role is authorized in the account's home context. The default home context is the default logical fabric FID 128. • You can change an account's home context to a specified FID and configure the account permissions to access additional Logical Switches specified in the user's Fabric ID list. • Accounts with user or admin permissions can be granted chassis permissions. A user account with the chassis role can execute chassis-level commands at the user RBAC access level. An admin account with the chassis role can execute chassis-level commands at the admin RBAC access level. 32 Dell 8/4Gbps FC SAN Module Administrator's Guide 53-1001345-01

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
32
Dell 8/4Gbps FC SAN Module Administrator’s Guide
53-1001345-01
Understanding Virtual Fabric restrictions
B
Understanding Virtual Fabric restrictions
In OS v6.2.0 and later, all commands are subject to additional RBAC enforcement with regard to
Virtual Fabric contexts and switch types. Commands can be executed in one or more of the
contexts described in
Table 7
.
Execution of chassis commands requires chassis permissions.
Switch commands are further defined by the switch type restrictions as described in
Table 8
.
Switch type restrictions are not applicable to commands that require chassis permissions.
In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions
apply to the RBAC permissions specified in
Table 6
. Refer to
userConfig
help for more information
on configuring user account access permissions in a Virtual Fabric environment.
Any given role is allowed to execute all switch commands to which the role is authorized in the
account’s home context. The default home context is the default logical fabric FID 128.
You can change an account’s home context to a specified FID and configure the account
permissions to access additional Logical Switches specified in the user’s Fabric ID list.
Accounts with user or admin permissions can be granted chassis permissions. A user account
with the chassis role can execute chassis-level commands at the user RBAC access level. An
admin account with the chassis role can execute chassis-level commands at the admin RBAC
access level.
TABLE 7
Virtual Fabric contexts
Context type
Definition
Switch context
Command applies to the current logical switch only, or to a
specified logical switch.
Chassis context
Command applies to the chassis on which it is executed.
Switch and Chassis
context
Command can be executed in a logical switch context or in
a chassis context.
Disallowed
Command is not supported in Virtual Fabric mode.
TABLE 8
Switch Types
Switch Type
Definition
All Switches
Command can be executed in any switch context.
Base Switch Only
Command can be executed only on the base switch.
Default Switch Only
Command can be executed only on the default switch.
N/A
Command is a chassis command or not supported in
Virtual Fabric mode.