Solved: Users in FM

User_4444_2 · ‎11-29-2011

I want to add a user with restricted access to Fabric Manager and it seems that, if you give anything less than "Network-Admin" via FM. They can't se anything, regardless of Role they are in? Is that correct?

We don't use AAA only local access.

Thanjs

dakester · ‎12-01-2011

Hi Roy,
Try this.

1. Create a user on the CLI.
MDS(config)# user testuser password testuser123 role network-operator

2. Log into FM as admin and Create a Local FM user testuser with network-admin role and log out of FM.

3. Log back into Fabric Manager with this new Local FM user testuser.
The first window after entering your password will be the Control Panel Window.
This is before opening a fabric.

3. On the Control Panel Window, change (or input) the Client Username and Client password to the testuser and the password you configured for testuser in step 1.

4. Open the Fabric and try to change the configuration of an interface and test other configuration changes.

Does this meet your needs?

View solution in original post

dakester · ‎11-29-2011

Hi,

In what way do you want to restrict access?

By fabirc?

By VSAN?

By FM Web Client Reports?

By FM Client swich commands?

User_4444_2 · ‎11-30-2011

All I want is a User to have read-only view within Fabric Manager. All the other levels of access don't supply any information about the Fabric in FM

I'm guessing that you can limit what they can see, run & configure via the CLI but not via FM.

Thanks

dakester · ‎11-30-2011

Hi Roy,

I logged into the switch with user admin and created a new user with a role of network-operator.

MDS(config)# user testuser passwork testuser23 role network-operator

This also creates an snmp user for Device Manager and Fabric Manager.

snmp-server user testuser network-operator auth md5 0x9e5257dc2d06c6f28d3685182f95ca23 priv 0x9e5257dc2d06c6f28d3685182f95ca23 localizedkey

I then logged into Fabric Manager Stand Alone with admin and then discovered the single switch fabric with the new network-operator user, testuser. network-operator is equivalent to read-only.

Is this what you are looking for?

User_4444_2 · ‎12-01-2011

I can create the user and put them into any Role. I even created a new Role and changed the access for that Role but what I want is a User that can login into FM can see everything but only has read-only access. I have tried creating Server-Admin, Network-Operator & Network-Admin for "Local FM Users" but only Network-Admin can see everything but has complete control which I don't want.

Hope I have explained it?

Cheers

dakester · ‎12-01-2011