Send documentation comments to mdsfeedback-doc@cisco.com.
25-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 25 Users and Common Roles
Configuring Common Roles

Configuring Common Roles

From Cisco SAN-OS Release 1.2(x), CLI and SNMP in all switches in the Cisco MDS 9000 Family use
common roles.
You can use SNMP to modify a role that was created using CLI and vice versa. Each role in SNMP is
the same as a role created or modified through the CLI. Common roles allow you to use a set of rules to
set the scope of VSAN security. Each role can be restricted to one or more VSANs as required.
To configure common roles from the Device Manager, select Common Roles from the Security menu.
You can then access the Rules dialog box to configure the set of rules.
To configure common roles from Fabric Manager, select Security > SNMP and click the Roles tab in
the Information pane. Fabric Manager uses a default rules set for roles; therefore, no Rules dialog box
is displayed.
Note Most tabs in the Information pane for features using CFS are dimmed until you click the CFS tab. The
CFS tab shows which switches have CFS enabled and shows the master switch for this feature. Once the
CFS tab is clicked, the other Information pane tabs that use CFS are activated.

Creating Common Roles

To create a common role, follow these steps.
Step 1 In Fabric Manager, choose Switches > Security > SNMP from the Physical Attributes , and click the
Roles tab in the Information pane.
In Device Manager, choose Common Roles from the Security menu. You see the Common Roles dialog
box.
Step 2 Click the Create Row icon to create a new role in Fabric Manager or click Create in Device Manager.
You see the Roles - Create dialog box.
Step 3 Select the switches on which you want to configure the role in Fabric Manager.
Step 4 Enter the name of the role in the Name field.
Step 5 Enter the description of the role in the Description field.
Step 6 Check the Has Config and Exec Permission check box if you want your role to have read, write, and
create permission. If you do not check the Has Config and Exec Permission check box, your role will
have read-only permission.
Step 7 Optionally, check the Enable check box to enable the VSAN scope and enter the list of VSANs in the
Scope field that you want to restrict this role to.
Step 8 Click Create to create the role, or click Close to close the Roles - Create dialog box without creating
the common role.
Note Device Manager automatically creates six roles that are required for Device Manager to display a view
of a switch. These roles are: system, snmp, module, interface, hardware, and environment.