HP AE370A HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March - Page 56
Using Role-Based Access Control (RBAC), Table 8 Fabric OS 6.x roles, Role name, Fabric OS version
![]() |
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 56 highlights
Using Role-Based Access Control (RBAC) Role-Based Action Control (RBAC) defines the capabilities that a user account has based on the role the account has been assigned. For each role, there is a set of pre-defined permissions on the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS 6.x uses RBAC to determine which commands a user can issue. When you log in to a switch, your user account is associated with a pre-defined role. The role that your account is associated with determines the level of access you have on that switch and in the fabric. Table 8 outlines the Fabric OS predefined roles. Table 8 Fabric OS 6.x roles Role name Admin BasicSwitchAdmin FabricAdmin Operator SecurityAdmin SwitchAdmin User ZoneAdmin Fabric OS version Duties All All administration 5.2.0 and later Restricted switch administration 5.2.0 and later Fabric and switch administration 5.2.0 and later 5.3.0 and later 5.0.0 and later General switch administration Restricts security functions Local switch administration All Monitoring only 5.2.0 and later Zone administration Description All administrative commands. Mostly monitoring with limited switch (local) commands. All switch and fabric commands, excludes user management and Administrative Domains commands. Routine switch maintenance commands. All switch security and user management functions. Most switch (local) commands, excludes security, user management, and zoning commands. Nonadministrative use, such as monitoring system activity. Zone management commands only. You can perform these operations only on the primary FCS switch. For legacy users with no Admin Domain specified, the user will have access to AD 0 through 255 (physical fabric admin) if their current role is Admin; otherwise, the user will have access to AD0 only. If some Admin Domains have been defined for the user and all of them are inactive, the user will not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the system provides a default home domain. The default home domain for the predefined account is AD0. For user-defined accounts, the default home domain is the Admin Domain in the user's Admin Domain list with the lowest ID. 54 Managing user accounts
![](/manual_guide/products/hewlettpackard-ae370a-hp-storageworks-fabric-os-6x-administrator-guide-56977344-2008-49030e5/56.png)