Configuration examples – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

Network OS NETCONF Operations Guide
53-1003231-02
Command access rules
Configuration examples
The following configuration examples illustrate the step-by-step configuration of two frequently
used administrative accounts: Brocade VCS Fabric security administrator, and FCoE Fabric
administrator.
Configuring a Brocade VCS Fabric security administrator account
The following example creates a role for a Brocade VCS Fabric security administrator, creates a user
account and associates it with the newly created role, and creates rules to specify the RBAC
permissions for the NetworkSecurityAdmin role.
This example grants the secAdminUser account access to the configuration-level commands role,
rule, username, aaa, and radius-server. Any account associated with the NetworkSecurityAdmin
role can now create and modify user accounts, manage roles, and define rules. In addition, the role
permits configuring a RADIUS server and setting the login sequence.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="815" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <role xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <name>
          <name>NetworkSecurityAdmin</name>
          <desc>Manages security</desc>
        </name>
      </role>
      <username xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <name>secAdminUser</name>
        <role>NetworkSecurityAdmin</role>
        <user-password>testpassword</user-password>
      </username>
      <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <index>30</index>
        <action>accept</action>
        <operation>read-write</operation>
        <role>NetworkSecurityAdmin</role>
        <command>
          <enumList>role</enumList>
        </command>
      </rule>
      <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <index>31</index>
        <action>accept</action>
        <operation>read-write</operation>
        <role>NetworkSecurityAdmin</role>
        <command>
          <enumList>rule</enumList>
        </command>
      </rule>
      <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <index>32</index>
        <action>accept</action>
        <operation>read-write</operation>
        <role>NetworkSecurityAdmin</role>
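
An added example, not part of the Brocade guide: a Python check that reads `rule` elements in the brocade-aaa namespace (for instance from a saved configuration reply) and compares the commands a role holds read-write against the five the text names for NetworkSecurityAdmin. The sample XML is constructed; `audit_role`, `OtherRole`, `placeholder-cmd` and rule indexes 90 and 91 are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

AAA_NS = "urn:brocade.com:mgmt:brocade-aaa"  # namespace from the listing above
NS = {"aaa": AAA_NS}
# Commands the text says NetworkSecurityAdmin should be able to configure.
EXPECTED = {"role", "rule", "username", "aaa", "radius-server"}

# Constructed sample. Rules 30 and 31 match the listing; rules 90 and 91, the
# "OtherRole" role and "placeholder-cmd" are made up for this illustration.
SAMPLE = """<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
    <index>30</index><action>accept</action><operation>read-write</operation>
    <role>NetworkSecurityAdmin</role><command><enumList>role</enumList></command>
  </rule>
  <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
    <index>31</index><action>accept</action><operation>read-write</operation>
    <role>NetworkSecurityAdmin</role><command><enumList>rule</enumList></command>
  </rule>
  <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
    <index>90</index><action>accept</action><operation>read-write</operation>
    <role>NetworkSecurityAdmin</role>
    <command><enumList>placeholder-cmd</enumList></command>
  </rule>
  <rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
    <index>91</index><action>accept</action><operation>read-write</operation>
    <role>OtherRole</role><command><enumList>username</enumList></command>
  </rule>
</config>"""


def audit_role(xml_text, role, expected):
    """Return (granted, missing, unexpected) read-write commands for one role."""
    granted = set()
    for rule in ET.fromstring(xml_text).iter(f"{{{AAA_NS}}}rule"):
        field = lambda path: rule.findtext(path, default="", namespaces=NS).strip()
        if field("aaa:role") != role:
            continue  # rule belongs to a different role
        if (field("aaa:action"), field("aaa:operation")) != ("accept", "read-write"):
            continue  # count only grants of the kind shown in the listing
        command = field("aaa:command/aaa:enumList")
        if command:
            granted.add(command)
    return granted, expected - granted, granted - expected


if __name__ == "__main__":
    result = audit_role(SAMPLE, "NetworkSecurityAdmin", EXPECTED)
    for label, items in zip(("granted", "missing", "unexpected"), result):
        print(label, sorted(items))
```

A non-empty "unexpected" set means the role reaches more than the five commands the text lists; a non-empty "missing" set means the rule set is incomplete.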