Admin domain considerations, Role permissions, Table 13 – Dell POWEREDGE M1000E User Manual

Page 135

Advertising
background image

Fabric OS Administrator’s Guide

135

53-1002745-02

User accounts overview

5

Admin Domain considerations

Legacy users with no Admin Domain specified and whose current role is admin will have access to
AD0 through AD255 (physical fabric admin); otherwise, they will have access to AD0 only.

If some Admin Domains have been defined for the user and all of them are inactive, the user will
not be allowed to log in to any switch in the fabric. If no Home Domain is specified for a user, the
system provides a default home domain.

The default home domain for the predefined account is AD0. For user-defined accounts, the default
home domain is the Admin Domain in the user’s Admin Domain list with the lowest ID.

Role permissions

Table 13

describes the types of permissions that are assigned to roles.

To view the permission type for categories of commands, use the classConfig command:

1. Enter the classConfig

--

show -classlist command to list all command categories.

2. Enter the classConfig

--

showroles command with the command category of interest as the

argument.

This command shows the permissions that apply to all commands in a specific category. For
example:

> classconfig --showroles authentication
Roles that have access to the RBAC Class ‘authentication’ are:

Role name

Permission

---------

----------

Admin

OM

Factory

OM

Root

OM

Security Admin

OM

You can also use the classConfig

--

showcli command to show the permissions that apply to a

specific command.

TABLE 13

Permission types

Abbreviation

Definition

Description

O

Observe

The user can run commands by using options that display information only, such as
running userConfig --show -a to show all users on a switch.

M

Modify

The user can run commands by using options that create, change, and delete
objects on the system, such as running userConfig --change username -r rolename
to change a user’s role.

OM

Observe and
Modify

The user can run commands by using both observe and modify options; if a role has
modify permissions, it almost always has observe permissions.

N

None

The user is not allowed to run commands in a given category.

Advertising
Popular Brands
Popular manuals