Appendix B Command Reference; Understanding Role-Based Access Control - Dell PowerEdge M420 Administrator's Manual

Command Reference

Understanding role-based access control

The FC SAN Module commands use Role-Based Access Control (RBAC) to control access to all FC
SAN Module OS operations.
Seven roles are supported, as defined in
operational situations and the operations and effects a role is permitted to have on a fabric and
individual fabric elements.
TABLE 6
Role Name
User
Operator
SwitchAdmin
ZoneAdmin
FabricAdmin
BasicSwitchAdmin
Admin
SecurityAdmin
Additional command restrictions apply depending on whether Virtual Fabrics or Admin Domains are
enabled in a fabric.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive and are not supported at the same time
on a switch. To use Admin Domains, you must first disable Virtual Fabrics; to use Virtual Fabrics, you
must first delete all Admin Domains. Use ad --clear -f to remove all Admin Domains.
Dell 8/4Gbps FC SAN Module Administrator's Guide
53-1001345-01
Role definitions
Definition
Non-administrative use, such as monitoring system activity.
In OS v6.2.0 and later, the user account gains access to
Fabric ID 128. This is the default Logical Fabric after a
firmware upgrade.
A subset of administrative tasks typically required for
routine maintenance operations.
Administrative use excluding security, user management,
and zoning.
Zone management only.
Administrative use excluding user management and Admin
Domain management.
A subset of administrative tasks, typically of a more limited
scope and effect.
May perform all administrative tasks, including encryption
and chassis commands.
Administrative use including admin, encryption, security,
user management, and zoning.
Table 6. Role definitions are guided by perceived common
Appendix
B
31