10-21-2012 06:42 AM
Trying to create a custom RBAC role for Nexus 5500 SAN Admin. What role permission is required to have the ability to create device-aliases? The default san-admin role doesn't allow it so I created a custom role but can't figure it out.
10-22-2012 01:56 AM
Duplicate post #2.
10-22-2012 03:39 AM
I figured out how to get the exact permissions and have the device-alias options. There isn't a role feature that includes device-aliases so I had to grant permissions to the specific commands. Here is the custom sanadmin role that works for me.
role name sanadmin
  interface policy deny
    permit interface fc1/33-48,fc3/1-16
  vlan policy deny
  vrf policy deny
  rule 1 permit read
  rule 2 permit read-write feature copy
  rule 3 permit read-write feature fcdomain
  rule 4 permit read-write feature fcfe
  rule 5 permit read-write feature fcmgmt
  rule 6 permit read-write feature fdmi
  rule 7 permit read-write feature fspf
  rule 8 permit read-write feature interface
  rule 9 permit read-write feature ping
  rule 10 permit read-write feature rdl
  rule 11 permit read-write feature rscn
  rule 12 permit read-write feature trunk
  rule 13 permit read feature snmp
  rule 14 permit read-write feature vsan
  rule 15 permit read-write feature vsanIfvsan
  rule 16 permit read-write feature wwnm
  rule 17 permit read-write feature zone
  rule 18 permit command config t ; device-alias *
  rule 19 permit command clear device-alias *
  rule 20 permit command debug device-alias *
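A role built from many individually numbered rules is easy to mistype, so it helps to lint the definition before pasting it into the switch. The Python below is an added example, not part of the original post: it flags reused rule numbers and lists the command rules that grant access outside any feature group. The role text in `SAMPLE` is constructed, and treating a reused rule number as an error is this example's assumption.

```python
import re
from collections import defaultdict

# Matches "rule N permit|deny command <cli>" or
# "rule N permit|deny read|read-write [feature <name>]".
RULE_RE = re.compile(
    r"^rule\s+(\d+)\s+(permit|deny)\s+"
    r"(?:(command)\s+(.+)|(read-write|read)(?:\s+feature\s+(\S+))?)$"
)

# Constructed sample role, not taken from a real switch.
SAMPLE = """\
role name example-san
  rule 1 permit read
  rule 2 permit read-write feature zone
  rule 2 permit read-write feature vsan
  rule 3 permit command config t ; device-alias *
  rule 4 permit command clear device-alias *
"""

def audit_role(config_text):
    """Return (duplicates, command_rules, unparsed) for one role block."""
    seen = defaultdict(list)   # rule number -> every line that used it
    command_rules = []         # (number, action, command pattern)
    unparsed = []              # rule lines the regex could not classify
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("rule "):
            continue           # skip role name and policy lines
        m = RULE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        number = int(m.group(1))
        seen[number].append(line)
        if m.group(3):         # "command" rules bypass feature groups
            command_rules.append((number, m.group(2), m.group(4)))
    duplicates = {n: lines for n, lines in seen.items() if len(lines) > 1}
    return duplicates, command_rules, unparsed

if __name__ == "__main__":
    dups, cmds, bad = audit_role(SAMPLE)
    for n, lines in sorted(dups.items()):
        print(f"rule {n} used {len(lines)} times: {lines}")
    for n, action, pattern in cmds:
        print(f"rule {n}: {action} command '{pattern}' (review wildcard scope)")
    for line in bad:
        print(f"could not parse: {line}")
```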