Starting from NX-OS 5.2(1)N1(1), Nexus 5500 has a new predefined role "san-admin" which allows you to provide clear demarcation on what SAN and LAN team can do on the Nexus 5500. You can use this for your DCNM for SAN too. I have tried it on my DCNM 6.2(3) in lab and it works fine. User with this right can do most of the things on DCNM for SAN but not DCNM for LAN. Here is the detail on what a predefined san-admin role can do:
POC-N5K# sh role name san-admin
Role: san-admin
Description: Predefined system role for san administrators. This role
cannot be modified.
vsan policy: permit(default)
Vlan policy: permit(default)
Interface policy: permit(default)
Vrf policy: permit(default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
27 permit read
26 permit read-write feature fcdomain
25 permit read-write feature rdl
24 permit read-write feature trunk
23 permit read-write feature fcmgmt
22 permit read-write feature fcfe
21 permit read-write feature port-track
20 permit read-write feature fcoe
19 permit read-write feature port-security
18 permit read-write feature copy
17 permit read-write feature rmon
16 permit read-write feature rscn
15 permit read-write feature fspf
14 permit read-write feature fdmi
13 permit read-write feature fcsp
12 permit read-write feature fcns
11 permit read-write feature span
10 permit read-write feature zone
9 permit read-write feature wwnm
8 permit read-write feature vsan
7 permit read-write feature vsanIfvsan
6 permit read-write feature fabric-binding
5 permit read-write feature interface
4 permit read-write feature trapRegEntry
3 permit read-write feature snmpTargetAddrEntry
2 permit read-write feature snmpTargetParamsEntry
1 permit read-write feature snmp
No comments:
Post a Comment