Command RBAC permissions and AD types – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP), page 143, 53-1002747-02

Command RBAC permissions and AD types (chapter 3)

4. PortMember: allows all control operations only if the port or the local switch is part of the current AD. View access is allowed if the device attached to the port is part of the current AD.

Command RBAC permissions and AD types

Two RBAC roles are permitted to perform Encryption operations.

Admin and SecurityAdmin

Users authenticated with the Admin and SecurityAdmin RBAC roles may perform cryptographic functions assigned to the FIPS Crypto Officer, including the following:

- Perform encryption node initialization.
- Enable cryptographic operations.
- Manage I/O functions for critical security parameters (CSPs).
- Zeroize encryption CSPs.
- Register and configure a key vault.
- Configure a recovery share policy.
- Create and register recovery shares.
- Perform encryption group- and clustering-related operations.
- Manage keys, including creation, recovery, and archive functions.

Admin and FabricAdmin

Users authenticated with the Admin and FabricAdmin RBAC roles may perform routine Encryption Switch management functions, including the following:

- Configure virtual devices and crypto LUNs.
- Configure LUN and tape associations.
- Perform rekeying operations.
- Perform firmware download.
- Perform regular Fabric OS management functions.

See Table 4 for the RBAC permissions when using the encryption configuration commands.

TABLE 4   Encryption command RBAC availability and admin domain type¹

Command name        User  Admin  Operator  Switch Admin  Zone Admin  Fabric Admin  Basic Switch Admin  Security Admin  Admin Domain
addmembernode       N     OM     N         N             N           N             N                   OM              Disallowed
addhaclustermember  N     OM     N         N             N           OM            N                   N               Disallowed
addinitiator        N     OM     N         N             N           OM            N                   N               Disallowed
addLUN              N     OM     N         N             N           OM            N                   N               Disallowed
commit              N     OM     N         N             N           OM            N                   N               Disallowed
createcontainer     N     OM     N         N             N           OM            N                   N               Disallowed
createencgroup      N     OM     N         N             N           N             N                   OM              Disallowed

OM = observe and modify access; N = no access.
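As an added example (not Brocade's code), the following encodes the seven Table 4 rows shown on this page and uses them to flag audit records in which a role ran an encryption subcommand it has no OM access to, which is the kind of least-privilege check an operator would run over command history. The log line format, user names and timestamps are constructed for this example and are not the Fabric OS audit log format.

```python
"""Flag encryption subcommands run by roles that Table 4 does not permit.

Added example, not part of the Fabric OS guide. The log format below is
constructed for illustration; real Fabric OS audit records look different.
"""
import re

# Column order of Table 4 (Admin Domain column omitted: always Disallowed).
ROLES = ["User", "Admin", "Operator", "SwitchAdmin", "ZoneAdmin",
         "FabricAdmin", "BasicSwitchAdmin", "SecurityAdmin"]

# Table 4 rows exactly as printed on the page. OM = observe and modify, N = none.
TABLE_4 = {
    "addmembernode":      "N OM N N N N N OM".split(),
    "addhaclustermember": "N OM N N N OM N N".split(),
    "addinitiator":       "N OM N N N OM N N".split(),
    "addLUN":             "N OM N N N OM N N".split(),
    "commit":             "N OM N N N OM N N".split(),
    "createcontainer":    "N OM N N N OM N N".split(),
    "createencgroup":     "N OM N N N N N OM".split(),
}


def permitted_roles(command):
    """Roles with OM access to a subcommand, derived from the Table 4 row."""
    return {role for role, acc in zip(ROLES, TABLE_4[command]) if acc == "OM"}


def is_permitted(role, command):
    return role in permitted_roles(command)


# Constructed sample records: "<time> user=<name> role=<role> cmd=<subcommand>"
LINE_RE = re.compile(r"user=(\S+) role=(\S+) cmd=(\S+)")

SAMPLE_LOG = [
    "2023-01-01T10:00:00 user=alice role=SecurityAdmin cmd=createencgroup",
    "2023-01-01T10:01:00 user=bob role=FabricAdmin cmd=createencgroup",
    "2023-01-01T10:02:00 user=bob role=FabricAdmin cmd=addLUN",
    "2023-01-01T10:03:00 user=carol role=Operator cmd=addLUN",
    "2023-01-01T10:04:00 user=dave role=Admin cmd=commit",
]


def flag_violations(lines):
    """Return (user, role, subcommand) for each record whose role lacks OM
    access per Table 4. Subcommands not in the table are skipped."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        user, role, cmd = m.groups()
        if cmd in TABLE_4 and not is_permitted(role, cmd):
            hits.append((user, role, cmd))
    return hits
```

Running flag_violations(SAMPLE_LOG) reports bob's createencgroup (FabricAdmin has no access to group creation) and carol's addLUN (Operator has no encryption access), while the Admin, SecurityAdmin and FabricAdmin records that match the table pass.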
