Fabric OS Administrator's Guide

Supporting Fabric OS v7.4.0

Part Number: 53-1003509-04

Role-Based Access Control

Role-Based Access Control (RBAC) specifies the permissions that a user account has on the basis of the role the account has been assigned. For each role, a set of predefined permissions determines the jobs and tasks that can be performed on a fabric and its associated fabric elements. Fabric OS uses RBAC to determine which commands a user is allowed to access.

When you log in to a switch, your user account is associated with a predefined role or a user-defined role. The role that your account is associated with determines the level of access you have on that switch and in the fabric. The chassis role can also be associated with user-defined roles; it has permissions for RBAC classes of commands that are configured when user-defined roles are created. The chassis role is similar to a switch-level role, except that it affects a different subset of commands. You can use the userConfig command to add this permission to a user account.

The following table outlines the Fabric OS predefined (default) roles.

Table 17 Default Fabric OS roles

| Role name | Duties | Description |
|---|---|---|
| Admin | All administration | All administrative commands |
| BasicSwitchAdmin | Restricted switch administration | Mostly monitoring with limited switch (local) commands |
| FabricAdmin | Fabric and switch administration | All switch and fabric commands, excluding user management and Admin Domains commands |
| Operator | General switch administration | Routine switch-maintenance commands |
| SecurityAdmin | Security administration | All switch security and user management functions |
| SwitchAdmin | Local switch administration | Most switch (local) commands, excluding security, user management, and zoning commands |
| User | Monitoring only | Nonadministrative use, such as monitoring system activity |
| ZoneAdmin | Zone administration | Zone management commands only |