Assign and View EFA Roles

You can assign a role to a user and to an LDAP group.

About this task

For more information about EFA roles, see EFA RBAC Policy Enforcement.

Procedure

  1. To assign a role to a user, run the following command.
    # efa auth rolemapping add --name fabricuser --role FabricAdmin --type user
    Successfully added the role mapping
    In this example, a user named fabricuser was assigned the role of FabricAdmin.
  2. To assign a role to an LDAP group, run the following command.
    # efa auth rolemapping add --name "cn=viewer,dc=extr,dc=com" --role NetworkOperator 
    --type group
    Successfully added the role mapping.
    In this example, a group named "cn=viewer,dc=extr,dc=com" was assigned the role of NetworkOperator.
  3. To view all role assignments, run the following command.
    # efa auth rolemapping show
    ID  Name	 Role	      Type
    1   efauser    SystemAdmin      USER
    2   fabricuser FabricAdmin      USER
    3   viewer     NetworkOperator  GROUP 
  4. To delete a role assignment, run the following command.
    # efa auth rolemapping remove --id 3
    Deleted role mapping successfully
    In this example, the role for the user with ID 3 was removed.