permgroups command

This command displays and configures user permission groups of the primary CMM.

Important: Users and permission groups for the Lenovo Flex System chassis are controlled by the CMM in each Lenovo Flex System chassis, using the CMM CLI users command and the permgroups command or the CMM web interface. If your Lenovo Flex System configuration includes an optional management device, such as the Lenovo XClarity Administrator or Flex System Manager hardware, users and permission groups for each optional management device installation are controlled by the optional management device software (see Lenovo XClarity Administrator information page for information about Lenovo XClarity Administrator or see Flex System Manager management node for information about the Flex System Manager).
Note:
  • Permission groups are assigned to users using the users command.
  • Permission groups can be backed up as part of the CMM configuration using the write command.
  • Permission groups are restored as part of a backed up CMM configuration using the read command.

If command syntax is not correctly entered, or if a command fails to run, an error message is returned. See Common errors for a list of error messages that apply to all commands or permgroups command errors for a list of error messages that are specific to the permgroups command.

Table 1. permgroups command.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

Function What it does Command Target (see paths in Command targets)
Display all user permission groups Displays all user permission groups set up for the CMM. permgroups
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Display specific user permission group Displays information for the specified user permission group. permgroups -n group_name

where group_name is the name that identifies the user permission group.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add user permission group Creates a new user permission group.
Note:
  • User permission group names can not be changed after they are added.
  • Group names are not case sensitive.
permgroups -add -n group_name -a group_authority

where:

  • group_name is an alphanumeric string up to 63 characters in length that can include periods ( . ) and underscores ( _ ). Each group name must be unique. Group names are not case sensitive.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:roles:scope where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Add user permission group

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
Modify user permission group Modify the selected user permission group.
Note:
  • User permission group names can not be changed after they are added.
  • Group names are not case sensitive.
permgroups -n group_name -a group_authority

where:

  • group_name is the name that identifies the user permission group.
  • group_authority uses the following syntax:
    • operator (Operator)
    • rbs:roles:scope where the roles are one or more of the following authority levels, separated by a vertical bar ( | ):
      • super (Supervisor)
      • cam (Chassis User Account Management)
      • clm (Chassis Log Management)
      • co (Chassis Operator)
      • cc (Chassis Configuration)
      • ca (Chassis Administration)
      • bo (Blade Operator)
      • brp (Blade Remote Present)
      • bc (Blade Configuration)
      • ba (Blade Administration)
      • so (I/O Module Operator)
      • sc (I/O Module Configuration)
      • sa (I/O Module Administration)
(continued on next page)
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Modify user permission group

(continued)

 

where the scope is one or more of the following devices, separated by a vertical bar ( | ). Ranges of devices are separated by a dash ( - ).

  • c n (Chassis n, where n is 1)
  • b n (Blade n, where n is a valid node bay number in the chassis)
  • s n (I/O module n, where n is a valid I/O-bay number in the chassis)
This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
 
Delete user permission group Delete the specified user permission group.
Note: Group names are not case sensitive.
permgroups -n group_name-clear

where group_name is the name that identifies the user permission group.

This command can only be run by users who have one or more of the following command authorities:
  • Supervisor
  • Chassis account management
See Commands and user authority for additional information.
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Example: To add a user permission group with a name of superuser that has supervisor rights to all Lenovo Flex System components, while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
permgroups -add -n superuser -a rbs:super:c1|b1-b14|s1-s4 -T mm[p]
To display information for the superuser group, while the Lenovo Flex System chassis is set as the persistent command environment, at the system> prompt, type
permgroups -n superuser -T mm[p]

The following example shows the information that is returned from these commands:

system> permgroups -add -n superuser -a rbs:super:c1|b1-b14|s1-s4 -T mm[p]
OK
system> permgroups -n superuser -T mm[p]

-a Role:supervisor
   Blades:1|2|3|4|5|6|7|8|9|10|11|12|13|14
   Chassis:1
   Modules:1|2|3|4

system>