Fabric OS Administrator's Guide

Supporting Fabric OS v7.4.0

Part Number: 53-1003509-04

Role-Based Access Control

Role-Based Access Control (RBAC) specifies the permissions that a user account has on the basis of the role the account has been assigned. For each role, a set of predefined permissions determines the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS uses RBAC to determine which commands a user is allowed to access.

When you log in to a switch, your user account is associated with a predefined role or a user-defined role. The role that your account is associated with determines the level of access you have on that switch and in the fabric. The chassis role can also be associated with user-defined roles; it has permissions for RBAC classes of commands that are configured when user-defined roles are created. The chassis role is similar to a switch-level role, except that it affects a different subset of commands. You can use the userConfig command to add this permission to a user account.

The following table outlines the Fabric OS predefined (default) roles.

Table 17 Default Fabric OS roles

| Role name | | |
|---|---|---|
| | All administration | All administrative commands |
| | Restricted switch administration | Mostly monitoring with limited switch (local) commands |
| | Fabric and switch administration | All switch and fabric commands, excluding user management and Admin Domains commands |
| | General switch administration | Routine switch-maintenance commands |
| | Security administration | All switch security and user management functions |
| | Local switch administration | Most switch (local) commands, excluding security, user management, and zoning commands |
| | Monitoring only | Nonadministrative use, such as monitoring system activity |
| | Zone administration | Zone management commands only |