The management channel, Managing user-defined roles, Creating a user-defined role – Dell POWEREDGE M1000E User Manual

Page 136: Table 14


Fabric OS Administrator’s Guide

53-1002745-02

User accounts overview


The management channel

The management channel is the communication established between the management
workstation and the switch. Table 14 shows the number of simultaneous login sessions allowed for
each role when authenticated locally. The roles are displayed in alphabetic order, which does not
reflect their importance. When LDAP, RADIUS, or TACACS+ are used for authentication, the total
number of sessions on a switch may not exceed 32.

Managing user-defined roles

Fabric OS provides an extensive toolset for managing user-defined roles:

The roleConfig command is available for defining new roles, deleting created roles, or viewing
information about user-defined roles.

The classConfig command is available for displaying RBAC information about each category or
class of commands, and includes an option to show all roles associated with a given RBAC
command category.

The userConfig command can be used to assign a user-defined role to a user account.

Creating a user-defined role

You can define a role as long as it has a unique name that is not the same as any of the Fabric OS
default roles, any other user-defined role, or any existing user account name.

The following conditions also apply:

A role name is case-insensitive and contains only letters.

The role name should have a minimum of 4 letters and can be up to 16 letters long.

The maximum number of user-defined roles that are allowed on a chassis is 256.

The roleConfig command can be used to define unique roles. You must have chassis-level access
and permissions to execute this command. The following example creates a user-defined role
called mysecurityrole. The RBAC class Security is added to the role, and the Observe permission is
assigned:

> roleconfig --add mysecurityrole -class security -perm O
Role added successfully
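
The naming conditions above can be checked before roleConfig is run. The following is an added example, not part of the Fabric OS guide: the function name check_role_name and the sample inventory are hypothetical, and it assumes that the role names in Table 14 are the complete set of default roles, that "letters" means ASCII letters, and that collisions with account names are compared case-insensitively.

```python
import re

# Default role names as listed in Table 14 on this page (assumed complete here).
DEFAULT_ROLES = ["Admin", "BasicSwitchAdmin", "FabricAdmin", "Operator",
                 "SecurityAdmin", "SwitchAdmin", "User", "ZoneAdmin"]
MAX_USER_DEFINED_ROLES = 256                    # limit per chassis
ROLE_NAME_RE = re.compile(r"[A-Za-z]{4,16}")    # ASCII letters only, 4 to 16 long


def check_role_name(name, user_roles=(), accounts=()):
    """Return a list of rule violations; an empty list means the name is acceptable."""
    problems = []
    if not ROLE_NAME_RE.fullmatch(name):
        problems.append("name must be 4 to 16 letters, letters only")
    key = name.lower()                          # role names are case-insensitive
    # Account names are compared case-insensitively too (conservative assumption).
    for label, existing in (("default role", DEFAULT_ROLES),
                            ("user-defined role", user_roles),
                            ("user account", accounts)):
        clash = [e for e in existing if e.lower() == key]
        if clash:
            problems.append(f"collides with {label} '{clash[0]}'")
    if len(user_roles) >= MAX_USER_DEFINED_ROLES:
        problems.append("chassis already holds 256 user-defined roles")
    return problems


if __name__ == "__main__":
    # Constructed inventory for illustration, not output from a real switch.
    roles = ["mysecurityrole", "zoneaudit"]
    accounts = ["backupuser", "netops"]
    for candidate in ("auditrole", "MySecurityRole", "OPERATOR", "NetOps",
                      "sec_role1", "abc"):
        issues = check_role_name(candidate, roles, accounts)
        print(f"{candidate:16} {'OK' if not issues else '; '.join(issues)}")
```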

TABLE 14   Maximum number of simultaneous sessions

Role name            Maximum sessions
Admin                2
BasicSwitchAdmin     4
FabricAdmin          4
Operator             4
SecurityAdmin        4
SwitchAdmin          4
User                 4
ZoneAdmin            4
