S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
22-3
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 22 Configuring User Accounts and RBAC
Information About User Accounts and RBAC
The Nexus 5000 Series switch provides the following default user roles:
•
network-admin (superuser)—Complete read and write access to the entire Nexus 5000 Series
switch.
•
network-operator—Complete read access to the Nexus 5000 Series switch.
Note
If you belong to multiple roles, you can execute a combination of all the commands permitted by these
roles. Access to a command takes priority over being denied access to a command. For example, suppose
a user has RoleA, which denied access to the configuration commands. However, the users also has
RoleB, which has access to the configuration commands. In this case, the users has access to the
configuration commands.
About Rules
The rule is the basic element of a role. A rule defines what operations the role allows the user to perform.
You can apply rules for the following parameters:
•
Command—A command or group of commands defined in a regular expression.
•
Feature—Commands that apply to a function provided by the Nexus 5000 Series switch.
–
Enter the
show role feature
command to display the feature names available for this parameter.
•
Feature group—Default or user-defined group of features.
–
Enter the
show role feature-group
command to display the default feature groups available for
this parameter.
These parameters create a hierarchical relationship. The most basic control parameter is the command.
The next control parameter is the feature, which represents all commands associated with the feature.
The last control parameter is the feature group. The feature group combines related features and allows
you to easily manage of the rules.
You can configure up to 256 rules for each role. The user-specified rule number determines the order in
which the rules are applied. Rules are applied in descending order. For example, if a role has three rules,
rule 3 is applied before rule 2, which is applied before rule 1.
About User Role Policies
You can define user role policies to limit the switch resources that the user can access. You can define
user role policies to limit access to interfaces, VLANs and VSANs.
User role policies are constrained by the rules defined for the role. For example, if you define an interface
policy to permit access to specific interfaces, the user will not have access to the interfaces unless you
configure a command rule for the role to permit the interface command. The
Changing User Role
Interface Policies, page 22-7
contains an example configuration.
If a command rule permits access to specific resources (interfaces, VLANs or VSANs), the user is
permitted to access these resources, even if they are not listed in the user role policies associated with
that user.
Содержание N5010P-N2K-BE
Страница 50: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 101: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 2 LAN Switching ...
Страница 102: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 239: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 3 Switch Security Features ...
Страница 240: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 311: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 4 System Management ...
Страница 312: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 399: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 5 Fibre Channel over Ethernet ...
Страница 400: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 417: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 6 Quality of Service ...
Страница 418: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 435: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 7 SAN Switching ...
Страница 436: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...
Страница 657: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m P A R T 8 Troubleshooting ...
Страница 658: ...Se n d f e e d b a ck t o n x 5 0 0 0 d o c f e e d b a ck c i s c o c o m ...