HP AE370A HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 20 - Page 68
Role permissions
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 68 highlights
account using the userConfig command to add this permission to a user account. For clarity, this permission has been added to Table 8 which describes the Fabric OS predefined roles. Table 8 Fabric OS roles Role name Fabric OS version Duties Description Admin All BasicSwitchAdmin 5.2.0 and later All administration Restricted switch administration All administrative commands excluding chassis-specific commands Mostly monitoring with limited switch (local) commands Chassis-role permission FabricAdmin Operator SecurityAdmin SwitchAdmin 6.2.0 5.2.0 and later 5.2.0 and later 5.3.0 and later 5.0.0 and later Chassis-specific configuration Fabric and switch administration General switch administration Security administration Local switch administration A role-permission applied only to the user account through the userConfig command. All switch and fabric commands, excluding user management and Admin Domains commands. Routine switch maintenance commands. All switch security and user management functions. Most switch (local) commands, excluding security, user management, and zoning commands. User ZoneAdmin All 5.2.0 and later Monitoring only Zone administration Non-administrative use, such as monitoring system activity. Zone management commands only. Admin Domain considerations: Legacy users with no Admin Domain specified, whose current role is admin will have access to AD0 through 255 (physical fabric admin); otherwise, they will have access to AD0 only. If some Admin Domains have been defined for the user and all of them are inactive, the user will not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the system provides a default Home Domain. The default home domain for the predefined account is AD0. For user-defined accounts, the default Home Domain is the Admin Domain in the user's Admin Domain list with the lowest ID. Role permissions Table 9 describes the types of permissions that are assigned to roles. Table 9 Permission types Abbreviation Definition Description O Observe The user can run commands using options that display information only, such as running userConfig --show -a to show all users on a switch. M Modify The user can run commands using options that create, change, and delete objects on the system, such as running userConfig --change username -r rolename to change a user's role. OM Observe and The user can run commands using both observe and modify Modify options; if a role has modify permissions, it almost always has observe. N None The user is not allowed to run commands in a given category. 68 Managing user accounts