efa auth rolemapping

Assigns XCO roles to a user or an LDAP group.

Syntax

efa auth rolemapping add [--name user-name | --role efa-role | --type user-type | --auth-type string | --auth-identifier string ]
efa auth rolemapping show [ --auth-type string | --auth-identifier string ]
efa auth rolemapping remove --id id

Parameters

--auth-identifier string
Mandatory for LDAP and TACACS role mapping. It represents the target configuration to which the roles are being added. For LOCAL and HOST auth types it is empty.
--auth-type string
Possible values are HOST, LOCAL, LDAP, or TACACS. The default CLI value is HOST.
--id id
ID of the role mapping.
--name user-name
Specifies the user name for HOST and LOCAL configuration. For LDAP it can be a group or user name. For TACACS it represents the group name.
--role efa-role
Specifies the name of the role that you want to assign. It can be one of the following: FabricAdmin, SecurityAdmin, NetworkOperator, SystemDebugger, SystemAdmin, <Tenant>Admin. The Tenant Administrator is assigned dynamically when the tenant is created. The role name has the following format: <Tenant-name>Admin.
--type user-type
Specifies the type of role mapping. Enter either user or group. For LDAP, the value is "group" by default. For LOCAL and HOST role mapping, the value is "user" if none is entered. For TACACS, the type value is "group".

Examples

These examples assign the role of SystemAdmin.

# efa auth rolemapping add --name=user2 --role SystemAdmin --auth-type HOST

# efa auth rolemapping add --name=admin --role SystemAdmin --auth-type TACACS --auth-identifier 10.x.x.x

# efa auth rolemapping add --name=viewer --role SystemAdmin --type group --auth-type LDAP --auth-identifier ldapconfig

This example assigns a role to a TACACS group.

# efa auth rolemapping add --name=admin --role SystemAdmin --auth-type TACACS --auth-identifier 10.x.x.x

Successfully added the role mapping.

+-----------------+-------------+
| attribute       | value       |
+-----------------+-------------+
| id              | 44          |
+-----------------+-------------+
| name            | admin       |
+-----------------+-------------+
| role            | SystemAdmin |
+-----------------+-------------+
| type            | GROUP       |
+-----------------+-------------+
| auth type       | TACACS      |
+-----------------+-------------+
| auth identifier | 10.x.x.x    |
+-----------------+-------------+

This example assigns a role to an LDAP group.

# efa auth rolemapping add --name "cn=viewer,dc=extr,dc=com" --role NetworkOperator --type group --auth-type LDAP --auth-identifier ldapconfig

Successfully added the role mapping.

+-----------------+--------------------------+
| attribute       | value                    |
+-----------------+--------------------------+
| id              | 45                       |
+-----------------+--------------------------+
| name            | cn=viewer,dc=extr,dc=com |
+-----------------+--------------------------+
| role            | NetworkOperator          |
+-----------------+--------------------------+
| type            | GROUP                    |
+-----------------+--------------------------+
| auth type       | LDAP                     |
+-----------------+--------------------------+
| auth identifier | ldapconfig               |
+-----------------+--------------------------+

# efa auth rolemapping show --auth-type LDAP --auth-identifier ldapconfig

# efa auth rolemapping show --auth-type TACACS --auth-identifier 10.x.x.x

This example displays all role assignments.

# efa auth rolemapping show

+----+--------------------------+-----------------+-------+-----------+-----------------+
| ID | Name                     | Role            | Type  | Auth Type | Auth Identifier |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 1  | user                     | SystemAdmin     | USER  | HOST      |                 |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 43 | user2                    | SystemAdmin     | USER  | HOST      |                 |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 44 | admin                    | SystemAdmin     | GROUP | TACACS    | 10.x.x.x        |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 45 | cn=viewer,dc=extr,dc=com | NetworkOperator | GROUP | LDAP      | ldapconfig      |
+----+--------------------------+-----------------+-------+-----------+-----------------+

This example deletes the role for the user with ID 43.

# efa auth rolemapping remove --id 43

Deleted role mapping successfully
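For periodic access reviews, the table printed by efa auth rolemapping show can be parsed and checked against the parameter rules described above. The following is an added example, not part of the XCO documentation or product: the function names parse_show and audit, the REVIEW_ROLES set, and sample rows 50 and 51 are assumptions of this example.

```python
# Constructed sample: rows 1, 44, 45 mirror this page's table; rows 50 and 51
# are invented, deliberately inconsistent entries that exercise the checks.
SAMPLE = """\
+----+--------------------------+-----------------+-------+-----------+-----------------+
| ID | Name                     | Role            | Type  | Auth Type | Auth Identifier |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 1  | user                     | SystemAdmin     | USER  | HOST      |                 |
| 44 | admin                    | SystemAdmin     | GROUP | TACACS    | 10.x.x.x        |
| 45 | cn=viewer,dc=extr,dc=com | NetworkOperator | GROUP | LDAP      | ldapconfig      |
| 50 | ops                      | FabricAdmin     | GROUP | LDAP      |                 |
| 51 | tacuser                  | SecurityAdmin   | USER  | TACACS    | 10.x.x.x        |
+----+--------------------------+-----------------+-------+-----------+-----------------+
"""
# Roles flagged for manual review: an assumption of this example, not XCO policy.
REVIEW_ROLES = {"SystemAdmin", "SecurityAdmin"}
FIELDS = ("id", "name", "role", "type", "auth_type", "auth_identifier")

def parse_show(text):
    """Turn the ASCII table into dicts, skipping borders and the header row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) == len(FIELDS) and cells[0] != "ID":
            rows.append(dict(zip(FIELDS, cells)))
    return rows

def audit(rows):
    """Return (id, finding) pairs using the parameter rules stated on this page."""
    findings = []
    for r in rows:
        remote = r["auth_type"] in ("LDAP", "TACACS")
        if remote and not r["auth_identifier"]:
            findings.append((r["id"], "missing auth identifier"))
        if not remote and r["auth_identifier"]:
            findings.append((r["id"], "unexpected auth identifier"))
        if r["auth_type"] == "TACACS" and r["type"] != "GROUP":
            findings.append((r["id"], "TACACS mapping is not a group"))
        if r["role"] in REVIEW_ROLES:
            findings.append((r["id"], "high-privilege role, review"))
    return findings

if __name__ == "__main__":
    for mapping_id, finding in audit(parse_show(SAMPLE)):
        print(f"mapping {mapping_id}: {finding}")
```

The ID reported for a mapping that should not exist is the value to pass to efa auth rolemapping remove --id.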