Default roles, User-defined roles – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

switch# show running-config password-attributes
password-attributes max-retry 4
password-attributes character-restriction numeric 1
password-attributes character-restriction special-char 1
switch# configure terminal
switch(config)# no password-attributes special-char
switch(config)# exit
switch# show running-config password-attributes
% No entries found.

Understanding and managing role-based access control (RBAC)

Network OS uses role-based access control (RBAC) as the authorization mechanism. You can create
roles dynamically and associate them with rules to define the permissions applicable to a particular role.
Every user account must be associated with a role, and only a single role can be associated with any
given account.

RBAC specifies access rights to resources. When a user executes a command, privileges are evaluated
to determine access to the command based on the role of the user.

In logical chassis cluster mode, the configuration is applied to all nodes in the cluster.

Default roles

All Brocade VDX switches support two default roles, "user" and "admin." You cannot modify the
attributes of default roles; however, you can assign the default roles to non-default user accounts. The
default roles have the following access privileges:

• The user role has limited privileges that are restricted to executing show commands in privileged
  EXEC mode, as well as the following operational commands: ping, ssh, telnet, and traceroute.
  User accounts associated with the user role cannot access configuration commands that are
  available only in global configuration mode.
• The admin role has the highest privileges. All commands available in privileged EXEC mode and in
  global configuration mode are accessible to the user associated with the admin role.

With a new switch, only the admin user account has access to perform user and role management
operations. The admin user can create any roles and configure those roles for access to user and role
management operations.

User-defined roles

In addition to the default roles, Network OS supports the creation of user-defined roles. A user-defined
role starts from a basic set of privileges which are then refined by adding special rules. When you have
created a role, you can assign a name to the role and then associate the role to one or more user
accounts.

The following tools are available for managing user-defined roles:

• The role command defines new roles and deletes user-defined roles.
• The rule command allows you to specify access rules for specific operations and assign these rules
  to a given role.
• The username command associates a given user-defined role with a specific user account.
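
The following Python audit is an added example, not part of the Brocade guide. It reads role, rule and username configuration lines and flags accounts whose role is undefined, non-default accounts that hold the admin role, and accounts whose role has been granted read-write access to the role, rule or username commands. The line syntax of the constructed sample and the names NetOps, SecAdmin, Helpdesk, alice, bob, carol and dave are assumptions.

```python
import shlex

# Constructed sample styled after `show running-config` output; the exact
# line syntax and every name except admin are assumptions, not page text.
SAMPLE_CONFIG = """\
role name NetOps desc "Interface operators"
role name SecAdmin desc "Security operators"
rule 20 action accept operation read-write role SecAdmin command username
rule 30 action accept operation read-only role SecAdmin command role
username admin password "x" encryption-level 7 role admin desc Administrator
username alice password "x" encryption-level 7 role NetOps
username bob password "x" encryption-level 7 role SecAdmin
username carol password "x" encryption-level 7 role admin
username dave password "x" encryption-level 7 role Helpdesk
"""

DEFAULT_ROLES = {"user", "admin"}             # built-in roles named on this page
MGMT_COMMANDS = {"role", "rule", "username"}  # user and role management tools

def _opts(tokens):
    """Pair up ['key', 'value', ...] keyword tokens into a dict."""
    return dict(zip(tokens[0::2], tokens[1::2]))

def audit(config):
    """Return (account, role, finding) tuples for risky role assignments."""
    roles, rules, users = set(DEFAULT_ROLES), [], {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["role", "name"]:
            roles.add(tok[2])
        elif tok[:1] == ["rule"]:
            rules.append(_opts(tok[2:]))          # skip "rule" and its index
        elif tok[:1] == ["username"]:
            users[tok[1]] = _opts(tok[2:]).get("role")  # one role per account
    # Roles allowed to change users or roles; a rule without action/operation
    # keywords is treated as granting (conservative assumption).
    delegating = {r.get("role") for r in rules
                  if r.get("action", "accept") == "accept"
                  and r.get("operation", "read-write") == "read-write"
                  and r.get("command") in MGMT_COMMANDS}
    findings = []
    for name, role in sorted(users.items()):
        if role not in roles:
            findings.append((name, role, "role not defined"))
        elif role == "admin" and name != "admin":
            findings.append((name, role, "non-default account holds admin role"))
        elif role in delegating:
            findings.append((name, role, "role can manage users or roles"))
    return findings
```

On the constructed sample, audit(SAMPLE_CONFIG) reports bob, carol and dave and leaves admin and alice unflagged.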

Network OS Administrator’s Guide

53-1003225-04