HP Brocade 8/12c Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864 - Page 111
Command RBAC permissions and AD types
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 111 highlights
Command RBAC permissions and AD types 3 Command RBAC permissions and AD types There are two RBAC roles that are permitted to perform Encryption operations. 1. Admin and SecurityAdmin Users authenticated with the Admin and SecurityAdmin RBAC roles may perform cryptographic functions assigned to the FIPS Crypto Officer including the following: • Perform encryption node initialization. • Enable cryptographic operations. • Manage input/output functions of critical security parameters (CSPs). • Zeroize encryption CSPs. • Register and configure a key vault. • Configure a recovery share policy. • Create and register recovery share. • Perform encryption group- and clustering-related operations. • Manage keys, including creation, recovery, and archiving functions. 2. Admin and FabricAdmin Users authenticated with the Admin and FabricAdmin RBAC roles may perform routine Encryption Switch management functions including the following: • Configure virtual devices and crypto LUNs. • Configure LUN and tape associations. • Perform re-keying operations. • Perform firmware download. • Perform regular Fabric OS management functions. Refer to Table 4 for the RBAC permissions of the encryption configuration commands. TABLE 4 Encryption command RBAC availability and admin domain type1 Command name User Admin Operator Switch Zone Fabric Admin Admin Admin addgroupmember addmembernode addhaclustermember addinitiator addLUN commit createcontainer createencgroup createhacluster N OM N N N O N OM N N N O N OM N N N OM N OM N N N OM N OM N N N OM N OM N N N OM N OM N N N OM N OM N N N O N OM N N N OM Basic Switch Admin N N N N N N N N N Security Admin Domain Admin OM Disallowed OM Disallowed O Disallowed O Disallowed O Disallowed O Disallowed O Disallowed OM Disallowed O Disallowed Fabric OS Encryption Administrator's Guide 93 53-1001864-01