Role Distributions; About Role Databases - Cisco MDS 9000 Series Configuration Manual

Role Distributions

Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# role name sangroup
switch(config-role)#
Places you in role configuration submode for the sangroup role.
Step 3
switch(config)# vsan policy deny
switch(config-role-vsan)#
Changes the VSAN policy of this role to deny and places you in a submode where VSANs can be selectively
permitted.
Step 4
switch(config-role)# no vsan policy deny
(Optional) Deletes the configured VSAN role policy and reverts to the factory default (permit).
Step 5 switch(config-role-vsan)# permit vsan 10-30
Permits this role to perform the allowed commands for VSANs 10 through 30.
Step 6
switch(config-role-vsan)# no permit vsan 15-20
(Optional) Removes the permission for this role to perform commands for VSANs 15 to 20. So, the role is
now permitted to perform commands for VSAN 10 to 14, and 21 to 30.
Role Distributions
Role-based configurations use the Cisco Fabric Services (CFS) infrastructure to enable efficient database
management and to provide a single point of configuration for the entire fabric.
The following configurations are distributed:
• Role names and descriptions
• List of rules for the roles
• VSAN policy and the list of permitted VSANs
This section includes the following topics:

About Role Databases

Role-based configurations use two databases to accept and implement configurations.
• Configuration database—The database currently enforced by the fabric.
• Pending database—Your subsequent configuration changes are stored in the pending database. If you
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
16
modify the configuration, you need to commit or discard the pending database changes to the configuration
Common Roles