Fabric OS Command Reference
867
53-1001764-01
roleConfig
2
roleConfig
Manages user-defined roles.
SYNOPSIS
roleconfig --add
role_name
[
-desc
description
]
[
-class
rbac_class_list
] [
-perm
permission
]
roleconfig --change
role_name
[
-class
rbac_class_list
-perm
permission
[
-desc
description
roleconfig --delete
role_name
[
-force
]
roleconfig --copy
new_role
-role
source_role
roleconfig --show
role_name
|
-all
[
default
]
roleconfig --help
DESCRIPTION
Use this command to create or modify user-defined roles, to define permissions for these roles based on
role-based access control (RBAC) permissions and meta-object format (MOF) classes, and to display
the configured roles. Two types of access control restriction exist in Fabric OS:
•
Restriction by MOF class: A MOF class groups similar Fabric OS commands into feature sets that
share the same access permissions. By assigning one or more MOF classes to a role, the account
with the specified role can access all the commands included in these classes. For example, the
predefined role ZoneAdmin can access the commands under the MOF class Zoning, but not those
under the UserManagement class. With the
roleConfig
command you could define a special admin
role called myzonesec and assign access to this role for both the zoning and the userManagement
class.
•
Restriction by RBAC access level: You can further restrict access by setting RBAC one of the
following access levels for the role. The RBAC permissions are set per class.
-
O = observe
-
OM = observe-modify
-
N = none/not available
Use the
--show
option to display information about user-defined roles and default roles. Use the
classConfig
command to display information about MOF classes and associated commands. Note that
you cannot modify the predefined Fabric OS roles.
NOTES
The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS
This command has the following operands:
--add
Creates a role with the specified name and optional attributes. The new role is
created with two default RBAC classes, "localuserenvironment" and "nocheck"
and has the default permissions observe and modify ("OM). A configuration
download will always reset the permissions of these two default classes to "OM."
--change
Modifies an existing user-defined role.
Содержание Fabric OS v7.0.1
Страница 1: ...53 1002447 01 15 December 2011 Fabric OS Command Reference Supporting Fabric OS v7 0 1 ...
Страница 6: ...vi Fabric OS Command Reference 53 1002447 01 ...
Страница 30: ...4 Fabric OS Command Reference 53 1002447 01 Using the command line interface 1 ...
Страница 118: ...92 Fabric OS Command Reference 53 1001764 01 ceePortLedTest 22 ceePortLedTest DESCRIPTION See portLedTest SEE ALSO None ...
Страница 270: ...244 Fabric OS Command Reference 53 1001764 01 exit 22 exit DESCRIPTION See logout SEE ALSO None ...
Страница 1132: ...1106 Fabric OS Command Reference 53 1002447 01 General Fabric OS commands and permissions A ...