18
Brocade SMI Agent User’s Guide
53-1001778-01
Access control
3
Access control
An SMI client uses a two-level login: one login to the SMI-A and another login to the proxy switch to
gain access to a fabric. The SMI-A has a limitation of one connection per fabric, so all SMI clients
share the same connection to a fabric even if they have different Role-Based Access Control (RBAC)
roles.
To enable SMI clients to have different RBAC roles, you can map each SMI client to a different
switch user. With this mapping, SMI clients can have different RBAC roles, even though they share
the same connection to the fabric.
For additional information about RBAC roles, see the
Brocade SMI Agent Developer’s Guide
.
The Brocade SMI Agent Configuration Tool has two Access Control options:
•
User Mapping
•
Default User Mapping
The User Mapping option allows you to map specific SMI-A users to specific switch user names. The
Default User Mapping option allows you to set up the mapping for all other SMI-A users. Using
these two options, you can restrict access to specific SMI-A users. For example, in the User
Mapping section you can specify a few SMI-A users who have admin-level access and give all the
other SMI-A users user-level access in the Default User Mapping section.
TABLE 1
Login failure status messages
LoginAsUser Return Code
Status message in Proxies panel
Description
RT_NOT_SUPPORTED
Not supported
Access protocol is not supported.
RT_ALREADY_EXISTS
Duplicate Connection
Attempt to make an additional
connection to an already connected
switch, or an attempt to make a
connection to a switch in a fabric that is
already connected through another
switch.
RT_PWD_EXPIRED
Password Expired
Login failed due to password expired.
RT_ACCOUNT_LOCKOUT
Account Lockout
Login account is locked out.
RT_ACCOUNT_DISABLED
Account Disabled
Login account is disabled.
RT_TIMEOUT
Connection Timed Out
Connection timed out.
RT_FAILED
Connection Failed
RT_SUCCESS
Connected
Login successful.
RT_INVALID_PARAMETER
Invalid Connection Parameter
Some connection parameters are invalid.
RT_INSUFFICIENT_VF_
MEMBERSHIP
Insufficient VF Membership
Login failed due to insufficient VF (user
does not have admin/chassis access
across VF) membership.
RT_INSUFFICIENT_USER_ROLE Insufficient User Role
Login failed due to insufficient user role.
RT_INVALID_PASSWORD
Invalid Password
Login failed due to invalid
username/password.
RT_NOT_ENOUGH_RPC_
HANDLES
Not Enough RPC Handles
Login failed due to insufficient number of
RPC handles (20 max).