Hello

We have issue with MDS role when we use custom roles.

Example of problem: The question mark is working on "Predefined group" example network-admin. But not on custom role in MDS NX-OS 5.2.

As a reference everything works prefect on Nexus 5k nx-os 5.1. with the same user and aaa (ACS/tacacs) server.

!

MDS9513-7# show role name san-1

Role: san-1

  Description: Admin Role

  Vsan policy: permit (default)

  -------------------------------------------------

  Rule    Type    Command-type    Feature        

  -------------------------------------------------

  1       permit  clear           *              

  2       permit  config          *              

  3       permit  debug           *              

  4       permit  exec            *              

  5       permit  show            *              

MDS9513-7# show role name network-admin

Role: network-admin

  Description: Predefined Network Admin group. This role cannot be modified.

  Vsan policy: permit (default)

  -------------------------------------------------

  Rule    Type    Command-type    Feature        

  -------------------------------------------------

  1       permit  clear           *              

  2       permit  config          *              

  3       permit  debug           *              

  4       permit  exec            *              

  5       permit  show            *              

Invalid role name 'network-admin'

------ The user output  ------

MDS9513-7# sh user-a

user:xx123

        roles:san-1

account created through REMOTE authentication

MDS9513-7# ?

  configure  Enter configuration mode

  end        Go to exec mode

  exit       Exit from command interpreter

MDS9513-7# sh ver | inc 5.2

  kickstart: version 5.2(6a)

  system:    version 5.2(6a)

----------------------------------

Cisco please release "The complete guide to MDS/NX-OS RBAC/Role".   ;-)

We manage to find some DCNM "hidden" role to perform some task when use custom role.

Regards

Christer