Commands and user authority

Some CMM CLI commands can be executed only by users who are assigned a required level of authority.

Users are assigned authority levels according to user permission groups that are set up for the CMM.

Users with Supervisor command authority can execute all commands. Commands that display information do not require any special command authority; however, users can be assigned restricted read-only access, as follows:

Table 1 shows the command-line interface commands and their required authority levels. To use the table, observe the following guidelines:

Important: Users and permission groups for the Flex System Enterprise Chassis are controlled by the CMM in each Flex System Enterprise Chassis, using the CMM CLI users command and the permgroups command or the CMM web interface. If your Flex System configuration includes an optional Flex System Manager management node, users and permission groups for each optional Flex System Manager installation are controlled by the optional Flex System Manager management software (see Flex System Manager for information).
Note:
  1. LDAP authority levels are not supported by the CMM web interface. If you enable the enhanced role-based security using the CMM web interface, you must configure the external LDAP server using an LDAP snap-in tool that is available for Microsoft Windows operating systems.
  2. To use the LDAP authority levels, you must make sure that the version of LDAP security that is used by the CMM is set to v2 (enhanced role-based security model). See ldapcfg command for information.
Table 1. Command authority relationships.

The command authority relationship table is a multi-row, multi-column complex table where each row lists the command authorities needed to run a CMM CLI command option. Column one lists the command option and columns two through eleven indicate the command authorities. Required command authorities are indicated by a symbol placed in the appropriate column, with special symbols denoting multiple authority dependencies. Symbols used are explained in the text preceding the table.

Command Command Authority

Supervisor

Chassis Account Management

Chassis Log Management

Chassis Administration

Chassis Configuration

Blade Administration

Blade Configuration

Blade Remote Presence

I/O Module Administration

I/O Module Configuration

accseccfg ·       ·          
advfailover ·       ·          
airfilter · · · · ·          
alertcfg ·       ·          
alertentries · · · · ·          
baydata ·           ·      
bootmode ·           ·      
chconfig ·       ·          
chlog ·       ·          
chmanual · · · · · · · · · ·
cimsub ·                  
cin ·              
clear ·          
clearlog ·   ·              

config

(compute node target)
·           ·      

config

(CMM or Flex System Enterprise Chassis)
·       ·          
console ·             ·    
crypto ·       ·          
date ·       ·          
dns ·       ·          
events -che · · · · · · · · · ·
events -che -add -rm ·       ·          
files -d ·     · · · ·   · ·
fsmcm · ·                
fuelg ·       ·          
groups ·       ·          
ifconfig (compute node target) ·           ·      
ifconfig (compute node ISMP, CMM, and system targets) ·       ·          
ifconfig (I/O module target) ·                 ·
ifconfig -pip (I/O module target) ·               · ·
ldapcfg ·       ·          

led -info, -loc

(system target)
·     ·            

led -info, -loc

(compute node target)
·         ·        

led -loc

(I/O module target)
·               ·  
monalerts ·       ·          
ntp ·       ·          
permgroups · ·                
pmpolicy ·       ·          
portcfg ·       ·          
ports ·       ·          
ports (I/O module target)                   ·
power -on, -off, -softoff, -cycle ·         ·     ·  
power -on -c, -cycle -c ·              
power -ap, -aux, -d ·       ·   ·      
power -local, -wol ·           ·      
pwrprofile · · · · ·          
read1 ·       ·          

reset

(compute node or ISMP target)
·         ·        

reset

(I/O module target)
·               ·  

reset

(CMM target)
·     ·            

reset -c, -sft,

(compute node target)
·              

reset -exd, -full, -std

(I/O module target)
·               ·  

reset -f, -standby

(CMM target)
·     ·            
sddump ·         ·        
sdemail · · · · · · · · · ·
security ·       ·          

service

(CMM target)
·     · ·          

service

(compute node or storage node target)
·         · ·      

service

(compute node system-management processor target)
·           ·      

service

(I/O module target)
·               ·  
smtp ·       ·          
snmp ·       ·          
sol ·       ·   ·      
sshcfg ·       ·          
sslcfg ·       ·          
syslog · · · · ·          
tcpcmdmode ·       ·          
trespass ·       ·          
uicfg ·       ·          
update (CMM target) ·     ·            
update (I/O module target) ·               ·  
uplink ·       ·          
users · ·                
vlan (CMM target) ·       ·          
vlan (chassis target) ·           ·      
Note:
  1. To successfully restore all settings, a user running the read command must have permission to modify any settings controlled by individual commands in the configuration being restored.