Assign and View EFA Roles

You can assign a role to a user and to an LDAP group.

About this task

For more information about EFA roles, see EFA RBAC Policy Enforcement.

Procedure

  1. To assign a role to a user, run the following command. 
    # efa auth rolemapping add --name fabricuser --role FabricAdmin --type user
Successfully added the role mapping
    In this example, a user named fabricuser was assigned the role of FabricAdmin.
  2. To assign a role to an LDAP group, run the following command. 
    # efa auth rolemapping add --name "cn=viewer,dc=extr,dc=com" --role NetworkOperator 
--type group
Successfully added the role mapping.
    In this example, a group named "cn=viewer,dc=extr,dc=com" was assigned the role of NetworkOperator.
  3. To view all role assignments, run the following command. 
    # efa auth rolemapping show
ID  Name	 Role	      Type
1   efauser    SystemAdmin      USER
2   fabricuser FabricAdmin      USER
3   viewer     NetworkOperator  GROUP
  4. To delete a role assignment, run the following command. 
    # efa auth rolemapping remove --id 3
Deleted role mapping successfully
    In this example, the role for the user with ID 3 was removed.
9037632-00 Rev AA