Brocade Communications Systems 53-1001778-01 Manual De Usuario
Brocade SMI Agent User’s Guide
21
53-1001778-01
SMI Agent security
3
FIGURE 9
User Mapping Configuration dialog box
6. Click Apply.
The value in the Status column changes from Not Persisted to Persisted.
Limitations of SMI-A user-to-switch user mapping
•
Indications are not filtered based on the SMI-A user names. Indications related to fabrics for
which the SMI-A user does not have access will still be delivered.
which the SMI-A user does not have access will still be delivered.
•
It is not recommended to map default SMI-A users to a zoneadmin switch user. If default SMI-A
users are mapped to a zoneadmin switch user, then the Brocade SMI Agent Configuration Tool
is unable to display the status of the fabric connection.
users are mapped to a zoneadmin switch user, then the Brocade SMI Agent Configuration Tool
is unable to display the status of the fabric connection.
•
For VF-enabled chassis, read or write access restrictions are not allowed for each logical fabric
separately. If the SMI-A user is mapped to a switch user on a VF-enabled chassis, then the
SMI-A user has the same access privilege for all of the logical fabrics in the chassis.
separately. If the SMI-A user is mapped to a switch user on a VF-enabled chassis, then the
SMI-A user has the same access privilege for all of the logical fabrics in the chassis.
•
For VF-enabled chassis, the switch user mapped in User mapping and Default User mapping
configurations should have access to at least one of the logical fabrics configured in the
VF-enabled chassis.
configurations should have access to at least one of the logical fabrics configured in the
VF-enabled chassis.
•
The SMI Agent does not restrict access based on the VF list accessible to the switch user in a
VF-enabled chassis. The SMI Agent uses the RBAC permission map of the proxy switch alone.
For switches running Fabric OS 6.3.x or earlier, RBAC restrictions in the SMI Agent cannot be
specific to certain logical fabrics. To get the same RBAC behavior in the SMI Agent for switches
running Fabric OS 6.4.x or later, the chassis role of these switches should not be more access
restrictive than the switch role.
VF-enabled chassis. The SMI Agent uses the RBAC permission map of the proxy switch alone.
For switches running Fabric OS 6.3.x or earlier, RBAC restrictions in the SMI Agent cannot be
specific to certain logical fabrics. To get the same RBAC behavior in the SMI Agent for switches
running Fabric OS 6.4.x or later, the chassis role of these switches should not be more access
restrictive than the switch role.
SMI Agent security
This section describes how to use the Brocade SMI Agent Configuration Tool to configure security
options.
options.
•
next
•
•
•
•
•
•
•