HP StorageWorks 8/24 HP StorageWorks Fabric OS 5.2.x administrator guide (5697 - Page 138
Assigning a user to an admin domain, To create a new user account for managing Admin Domains
View all HP StorageWorks 8/24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 138 highlights
4. Optional: To end the transaction now, enter ad --save to save the Admin Domain definition or enter ad --apply to save the Admin Domain definition and directly apply the definitions to the fabric. The following example creates Admin Domain AD1, consisting of two switches, which are designated by domain ID and switch WWN. sw5:AD255:admin> ad --create AD1 -s "97; 10:00:00:60:69:80:59:13" The following example creates Admin Domain "blue_ad," consisting of two switch ports (designated by (domain, port)), one device (designated by device WWN), and two switches (designated by domain ID and switch WWN). sw5:AD255:admin> ad --create blue_ad -d "100,5; 1,3; 21:00:00:e0:8b:05:4d:05; -s "97; 10:00:00:60:69:80:59:13" Assigning a user to an admin domain After you create an Admin Domain, you can specify one or more user accounts as the valid accounts who can use that Admin Domain. You create these user accounts using the userConfig command. User accounts have the following characteristics with regard to Admin Domains: • A user account can only have a single role. You can choose roles from the one of the seven types of roles, either the existing user and administrator role or one of the other RBAC roles. • You can configure a user account to have access to the physical fabric through AD255 and to a list of Admin Domains (AD0-AD254). • You can configure a user account to have access to only a subset of your own Admin Domain list. Only a physical fabric administrator can create another physical fabric administrator user account. • Users capable of using multiple Admin Domains, can designate one of these Admin Domains as the home Admin Domain, which is the default Admin Domain context after login. • If you do not specify one, the home Admin Domain is the lowest valid Admin Domain in the numerically-sorted AD list. • Users can log in to their Admin Domains and create their own Admin Domain-specific zones and zone configurations. • Adding an Admin Domain list, home Admin Domain, and role to a user configuration is backward compatible with pre-Fabric OS 5.2.x firmware. When you downgrade to pre-Fabric OS 5.2.x firmware, the userConfig command records are interpreted using legacy logic. To create a new user account for managing Admin Domains 1. Connect to the switch and log in as admin. 2. Enter the userconfig --add command using the -r option to set the role, the -a option to provide access to Admin Domains, and the -h option to specify the home Admin Domain. userconfig --add username -r role -h home_AD -a "AD_list" where username is the name of the account, role is the user account role, home_AD is the home Admin Domain, and AD_list is the list of Admin Domains to which the user account will have access. The following example creates new user account ad1admin with an admin role and assigns one Admin Domain, blue_ad1, to it. This example also assigns blue_ad1 as the user's home Admin Domain. sw5:admin> userconfig --add ad1admin -r admin -h blue_ad1 -a "blue_ad1" The following example creates new user account ad2admin with an admin role, access to Admin Domains 1 and 2, and home Admin Domain set to 2. sw5:admin> userconfig --add ad2admin -r admin -h 2 -a "1,2" 138 Managing administrative domains