12-15-2011 05:45 AM
All- hello, discovering and working on a new companies fabrics. Hoping to setup automated configupload for lack of backup process here.
I have noticed a user account on my switches labels "factory", with role definition of factory and description of "diagnostics". Short of creating an operator account and setting this up across many switches or defining LDAP to simply grab my configs I wanted to use this already existent account if I can. I have searched over the forums here as well as reading the FOS 6.4 admin guide. I do not see any definition of the "factory" role, nor can I modify or see properties even as root because my permission is denied.
Is it advisable or ok to use this account for grabs? or can anyone speak to what comparable level of switch access this account has? (admin, operator, fabricAdmin etc). If a separate account creation is advised what is the lowest role level which can still run and pull configupload without write ability? Operator? User?
Thanks for the assistance.
12-15-2011 06:15 AM
Hi the factory role is above the root or admin role. it is used to set parameters or solve problems together with the labs because it is so mighty (although it is dangerous).
so just use an administrator role to config your switches.
12-15-2011 09:14 AM
I agree with christian_ham on not using the factory account the grab configs.
And i wouldn't use the admin account the grab configs only. It has to much privileges just to do grabs.
I suggest you create an user dedicated for grabbing configs.
Which role that user should have depends on the config you want to grab.
I know of an matrix with RBAC roles but unfortunatly am unable to locate ATM