Restricted user in Fabric Manager?

Unanswered Question
Aug 25th, 2010

Hello all,

in our company we have SAN with several MDS 9509 and 9513 switches. We use a FMS 4.1 for management.

The cabling is done by a subcontractor. In future they should also do the port assignment. Enable/disable ports, change the port description.

Therfore i try to define some restricted users.

On device manager i have defined a role SAN-Port with the following rules:

  1. permit     Show     * 
      1. permit     Config    interface
      2. permit     Exec     copy

      This looks ok for me.

      I want to have a similar restriction in the FM client. They should use it as an entry point for their work, as i do.

      But i didn't see a possibility to do that.

      I can define a role in FMS, but there i can only define the scope of SAN's. When a user with such a role opens the FM client, he cannot access a device manager via right click a switch. The device manager option isn't shown.

      If i define a user with a predefined role in FMS, it seems the user can do nearly everything.

      So is ther a way to restrict a user like in device manager? Or can we only use the device manager?

      Kind regards,


      AXA Tech Germany

      I have this problem too.
      0 votes
      • 1
      • 2
      • 3
      • 4
      • 5
      Overall Rating: 0 (0 ratings)
      dynamoxxx Thu, 08/26/2010 - 19:50

      if you only want them to change port vsan membership why would you need them to get into FM in the first place, that's what DM is for ?

      Ricki2411 Fri, 08/27/2010 - 07:12


      we have 2 SAN's with different userid's for each SAN. By using the FMS there is only one single entry point for both SAN's. And you have only one single logon. I prefer this way.

      But it's not really a problem to use the device manager. So i think i will do it in this way.

      Kind regards,


      AXA Tech Germany

      Gary Ross Thu, 08/26/2010 - 20:11

      For what you listed out as the roles and responsibilities of your contractor are, they only need CLI access.  SSH preferred or Telnet.  You're looking at 5 or less commands they need to know to do their end of the job.

      Just a thought on making your life easier.

      Hope this helps.



      This Discussion

      Related Content



      Trending Topics: Storage Networking