Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
0
Helpful
3
Replies

Restricted user in Fabric Manager?

Ricki2411
Level 1
Level 1

‎08-25-2010 05:30 AM

Hello all,

in our company we have SAN with several MDS 9509 and 9513 switches. We use a FMS 4.1 for management.

The cabling is done by a subcontractor. In future they should also do the port assignment. Enable/disable ports, change the port description.

Therfore i try to define some restricted users.

On device manager i have defined a role SAN-Port with the following rules:

  1. permit     Show     * 
      1. permit     Config    interface
      2. permit     Exec     copy

      This looks ok for me.

      I want to have a similar restriction in the FM client. They should use it as an entry point for their work, as i do.

      But i didn't see a possibility to do that.

      I can define a role in FMS, but there i can only define the scope of SAN's. When a user with such a role opens the FM client, he cannot access a device manager via right click a switch. The device manager option isn't shown.

      If i define a user with a predefined role in FMS, it seems the user can do nearly everything.

      So is ther a way to restrict a user like in device manager? Or can we only use the device manager?

      Kind regards,

      Richard

      AXA Tech Germany

      Labels:
      0 Helpful
      3 Replies 3

      dynamoxxx
      Level 5
      Level 5

      ‎08-26-2010 07:50 PM

      if you only want them to change port vsan membership why would you need them to get into FM in the first place, that's what DM is for ?

      @dynamoxxx
      0 Helpful

      Ricki2411
      Level 1
      Level 1
      In response to dynamoxxx

      ‎08-27-2010 07:12 AM

      Hello,

      we have 2 SAN's with different userid's for each SAN. By using the FMS there is only one single entry point for both SAN's. And you have only one single logon. I prefer this way.

      But it's not really a problem to use the device manager. So i think i will do it in this way.

      Kind regards,

      Richard

      AXA Tech Germany

      0 Helpful

      Gary Ross
      Level 4
      Level 4

      ‎08-26-2010 08:11 PM

      For what you listed out as the roles and responsibilities of your contractor are, they only need CLI access.  SSH preferred or Telnet.  You're looking at 5 or less commands they need to know to do their end of the job.

      Just a thought on making your life easier.

      Hope this helps.

      Gary

      0 Helpful
      Customers Also Viewed These Support Documents