Flex SystemChassis Management Module command-line interface: commands and user authority

Some CMM CLI commands can be executed only by users who are assigned a required level of authority.

Users are assigned authority levels according to user permission groups that are set up for the CMM.

Users with Supervisor command authority can execute all commands. Commands that display information do not require any special command authority; however, users can be assigned restricted read-only access, as follows:

Users with Operator command authority can execute all commands that display information.
Users with Chassis Operator custom command authority can execute commands that display information about the common Flex System Enterprise Chassis components.
Users with Blade Operator custom command authority can execute commands that display information about the node devices, such as compute nodes.
Users with Switch Operator custom command authority can execute commands that display information about the I/O modules.

Table 1 shows the command-line interface commands and their required authority levels. To use the table, observe the following guidelines:

The commands in this table apply only to the command variants that set values or cause an action and require a special command authority: display variants of the commands do not require any special command authority.
If a command requires only one command authority at a time, each of the applicable command authorities is indicated by a dot (·). If a command requires a combination of two or more command authorities, the applicable command authorities are indicated by a diamond (◊). For example, the cin command is available to a user with the Supervisor command authority and to a user with both the Chassis Account Management and Chassis Configuration command authorities.

Important: Users and permission groups for the Flex System Enterprise Chassis are controlled by the CMM in each Flex System Enterprise Chassis, using the CMM CLI users command and the permgroups command or the CMM web interface. If your Flex System configuration includes an optional Flex System Manager management node, users and permission groups for each optional Flex System Manager installation are controlled by the optional Flex System Manager management software (see Flex System Manager for information).

Note:

LDAP authority levels are not supported by the CMM web interface. If you enable the enhanced role-based security using the CMM web interface, you must configure the external LDAP server using an LDAP snap-in tool that is available for Microsoft Windows operating systems.
To use the LDAP authority levels, you must make sure that the version of LDAP security that is used by the CMM is set to v2 (enhanced role-based security model). See ldapcfg command for information.

Table 1. Command authority relationships.
The command authority relationship table is a multi-row, multi-column complex table where each row lists the command authorities needed to run a CMM CLI command option. Column one lists the command option and columns two through eleven indicate the command authorities. Required command authorities are indicated by a symbol placed in the appropriate column, with special symbols denoting multiple authority dependencies. Symbols used are explained in the text preceding the table.
Command	Command Authority
Command	Supervisor	Chassis Account Management	Chassis Log Management	Chassis Administration	Chassis Configuration	Blade Administration	Blade Configuration	Blade Remote Presence	I/O Module Administration	I/O Module Configuration
accseccfg	·				·
advfailover	·				·
airfilter	·	·	·	·	·
alertcfg	·				·
alertentries	·	·	·	·	·
baydata	·						·
bootmode	·						·
chconfig	·				·
chlog	·				·
chmanual	·	·	·	·	·	·	·	·	·	·
cimsub	·
cin	·	◊			◊
clear	·			◊	◊				◊	◊
clearlog	·		·
config (compute node target)	·						·
config (CMM or Flex System Enterprise Chassis)	·				·
console	·							·
crypto	·				·
date	·				·
dns	·				·
events -che	·	·	·	·	·	·	·	·	·	·
events -che -add -rm	·				·
files -d	·			·	·	·	·		·	·
fsmcm	·	·
fuelg	·				·
groups	·				·
ifconfig (compute node target)	·						·
ifconfig (compute node ISMP, CMM, and system targets)	·				·
ifconfig (I/O module target)	·									·
ifconfig -pip (I/O module target)	·								·	·
ldapcfg	·				·
led -info, -loc (system target)	·			·
led -info, -loc (compute node target)	·					·
led -loc (I/O module target)	·								·
monalerts	·				·
ntp	·				·
permgroups	·	·
pmpolicy	·				·
portcfg	·				·
ports	·				·
ports (I/O module target)										·
power -on, -off, -softoff, -cycle	·					·			·
power -on -c, -cycle -c	·					◊		◊
power -ap, -aux, -d	·				·		·
power -local, -wol	·						·
pwrprofile	·	·	·	·	·
read¹	·				·
reset (compute node or ISMP target)	·					·
reset (I/O module target)	·								·
reset (CMM target)	·			·
reset -c, -sft, (compute node target)	·					◊		◊
reset -exd, -full, -std (I/O module target)	·								·
reset -f, -standby (CMM target)	·			·
sddump	·					·
sdemail	·	·	·	·	·	·	·	·	·	·
security	·				·
service (CMM target)	·			·	·
service (compute node or storage node target)	·					·	·
service (compute node system-management processor target)	·						·
service (I/O module target)	·								·
smtp	·				·
snmp	·				·
sol	·				·		·
sshcfg	·				·
sslcfg	·				·
syslog	·	·	·	·	·
tcpcmdmode	·				·
trespass	·				·
uicfg	·				·
update (CMM target)	·			·
update (I/O module target)	·								·
uplink	·				·
users	·	·
vlan (CMM target)	·				·
vlan (chassis target)	·						·

Note:

To successfully restore all settings, a user running the read command must have permission to modify any settings controlled by individual commands in the configuration being restored.

Commands and user authority