Brocade Communications Systems 53-1002745-02 Marine Radio User Manual


 
Fabric OS Administrator’s Guide 135
53-1002745-02
User accounts overview
5
Admin Domain considerations
Legacy users with no Admin Domain specified and whose current role is admin will have access to
AD0 through AD255 (physical fabric admin); otherwise, they will have access to AD0 only.
If some Admin Domains have been defined for the user and all of them are inactive, the user will
not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the
system provides a default home domain.
The default home domain for the predefined account is AD0. For user-defined accounts, the default
home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.
Role permissions
Table 13 describes the types of permissions that are assigned to roles.
To view the permission type for categories of commands, use the classConfig command:
1. Enter the classConfig --show -classlist command to list all command categories.
2. Enter the classConfig --showroles command with the command category of interest as the argument.
This command shows the permissions that apply to all commands in a specific category. For example:
> classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:
Role name        Permission
---------        ----------
Admin            OM
Factory          OM
Root             OM
Security Admin   OM
You can also use the classConfig --showcli command to show the permissions that apply to a
specific command.
TABLE 13 Permission types
Abbreviation   Definition           Description
O              Observe              The user can run commands by using options that display information only, such as running userConfig --show -a to show all users on a switch.
M              Modify               The user can run commands by using options that create, change, and delete objects on the system, such as running userConfig --change username -r rolename to change a user’s role.
OM             Observe and Modify   The user can run commands by using both observe and modify options; if a role has modify permissions, it almost always has observe permissions.
N              None                 The user is not allowed to run commands in a given category.
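The following is an added example, not part of the Brocade guide: a Python parser for the classConfig --showroles output shown above that reports which roles hold modify permission (M or OM) on a command class but are not on an approved list. The function names and the approved-role list are assumptions made for illustration; the sample input is the output printed on this page.

```python
import re

# Sample input: the classconfig --showroles output reproduced from this page.
SAMPLE = """\
> classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:
Role name        Permission
---------        ----------
Admin            OM
Factory          OM
Root             OM
Security Admin   OM
"""

# Permission abbreviations defined in Table 13.
PERMISSIONS = {"O", "M", "OM", "N"}


def parse_showroles(text):
    """Return (rbac_class, {role_name: permission}) parsed from the output."""
    rbac_class = None
    roles = {}
    for raw in text.splitlines():
        line = raw.strip()
        # The class name may be wrapped in straight or typographic quotes.
        m = re.search(r"RBAC Class\s+['‘’\"]?([\w-]+)", line)
        if m:
            rbac_class = m.group(1)
            continue
        # Role names can contain spaces ("Security Admin"), so split from the
        # right; header, separator and prompt lines fail the permission check.
        parts = line.rsplit(None, 1)
        if len(parts) == 2 and parts[1] in PERMISSIONS:
            roles[" ".join(parts[0].split())] = parts[1]
    return rbac_class, roles


def unexpected_modifiers(roles, approved):
    """Roles with M or OM on the class that are not in the approved list."""
    approved_norm = {name.lower() for name in approved}
    return sorted(r for r, p in roles.items()
                  if "M" in p and r.lower() not in approved_norm)


if __name__ == "__main__":
    cls, roles = parse_showroles(SAMPLE)
    # Hypothetical site policy: only these roles should modify this class.
    print(cls, unexpected_modifiers(roles, {"Admin", "Security Admin"}))
```

Run it against the captured output for each category listed by classConfig --show -classlist to review modify access across the switch.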