Dell PowerEdge M420 8/4 Gbps FC SAN Module Administrator's Guide - Page 46
Understanding Virtual Fabric restrictions
View all Dell PowerEdge M420 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 46 highlights
B Understanding Virtual Fabric restrictions Understanding Virtual Fabric restrictions In OS v6.2.0 and later, all commands are subject to additional RBAC enforcement with regard to Virtual Fabric contexts and switch types. Commands can be executed in one or more of the contexts described in Table 7. Execution of chassis commands requires chassis permissions. TABLE 7 Virtual Fabric contexts Context type Definition Switch context Command applies to the current logical switch only, or to a specified logical switch. Chassis context Command applies to the chassis on which it is executed. Switch and Chassis Command can be executed in a logical switch context or in context a chassis context. Disallowed Command is not supported in Virtual Fabric mode. Switch commands are further defined by the switch type restrictions as described in Table 8. Switch type restrictions are not applicable to commands that require chassis permissions. TABLE 8 Switch Types Switch Type Definition All Switches Command can be executed in any switch context. Base Switch Only Command can be executed only on the base switch. Default Switch Only Command can be executed only on the default switch. N/A Command is a chassis command or not supported in Virtual Fabric mode. In a Virtual Fabric environment where contexts are enforced, the following Virtual Fabric restrictions apply to the RBAC permissions specified in Table 6. Refer to userConfig help for more information on configuring user account access permissions in a Virtual Fabric environment. • Any given role is allowed to execute all switch commands to which the role is authorized in the account's home context. The default home context is the default logical fabric FID 128. • You can change an account's home context to a specified FID and configure the account permissions to access additional Logical Switches specified in the user's Fabric ID list. • Accounts with user or admin permissions can be granted chassis permissions. A user account with the chassis role can execute chassis-level commands at the user RBAC access level. An admin account with the chassis role can execute chassis-level commands at the admin RBAC access level. 32 Dell 8/4Gbps FC SAN Module Administrator's Guide 53-1001345-01