Commands and user authority

This topic lists command-line interface commands and the user authority levels needed to run them.

Some commands in the command-line interface can be executed only by users who are assigned a required level of authority. Users with Supervisor command authority can execute all commands. Commands that display information do not require any special command authority; however, users can be assigned restricted read-only access, as follows:

Users with Operator command authority can execute all commands that display information.
Users with Chassis Operator custom command authority can execute commands that display information about the common BladeCenter unit components.
Users with Blade Operator custom command authority can execute commands that display information about the blade servers.
Users with Switch Operator custom command authority can execute commands that display information about the I/O modules.

Table 1 shows the command-line interface commands and their required authority levels. To use the table, observe the following guidelines:

The commands in this table apply only to the command variants that set values or cause an action and require a special command authority: display variants of the commands do not require any special command authority.
If a command requires only one command authority at a time, each of the applicable command authorities is indicated by a dot (•). If a command requires a combination of two or more command authorities, the applicable command authorities are indicate by ◇ or ‡. For example, the boot -c command is available to a user with the Supervisor command authority and to a user with both the Blade Administration and Blade Remote Presence command authorities.

Important: Command authority definitions might change between firmware versions. Make sure that the command authority level for each user is correct after you update the management-module firmware.

Notes:

LDAP (lightweight directory access protocol) authority levels are not supported by management modules other than the advanced management module.
LDAP authority levels are not supported by the management-module web interface.
To use the LDAP authority levels, you must make sure that the version of LDAP security that is used by the management module is set to v2 (enhanced role-based security model). See ldapcfg command for information.

Table 1. Command authority relationships
Command	Authority
Command	Supervisor	Chassis Account Management	Chassis Log Management	Chassis Administration	Chassis Configuration	Blade Administration	Blade Configuration	Blade Remote Presence	I/O Module Administration	I/O Module Configuration
accseccfg	•				•
advfailover	•				•
airfilter	•	•	•	•	•
alarm -c, -r, -s	•				•		•			•
alarm -q -g	•					•		•
alertcfg	•				•
alertentries	•				•
alertentries -test	•		•	•	•	•	•	•	•	•
autoftp	•				•
baydata	•						•
bofm	•				•
boot (blade server)	•					•
boot -c	•					◇		◇
boot -p	•					•
bootmode	•						•
bootseq	•						•
buildidcfg	•					•	•	•
chconfig	•				•
chlog	•				•
chmanual	•	•	•	•	•	•	•	•	•	•
cin	•	◇			◇
clear	•			◇	◇				‡	‡
clearlog	•		•
clock	•				•
config (blade server)	•						•
config (management module or BladeCenter unit)	•				•
console	•							•
crypto	•				•
displaylog -lse	•		•
dns	•				•
ethoverusb	•					•
events -che	•	•	•	•	•	•	•	•	•	•
events -che -add -rm	•				•
feature	•			•
files -d	•			•	•	•	•		•	•
fuelg	•				•
groups	•				•
identify	•				•		•
ifconfig (blade server target)	•						•
ifconfig (blade server ISMP, management module, and system targets)	•				•
ifconfig (I/O module target)	•									•
ifconfig -pip (I/O module target)	•								•	•
kvm -b	•							•
kvm -local	•				•
ldapcfg	•				•
led -info, -d, -loc (system target)	•	•	•	•	•
led -info, -loc (blade server target)	•					•	•	•
mcad	•				•
monalerts	•				•
mt -b	•							•
mt -local, -remote	•				•
nat	•									•
ntp	•				•
ping -i (see Note 1)	•								•	•
pmpolicy	•				•
portcfg	•				•
ports	•				•
ports (I/O module target)										•
power -on, -off, -softoff, -cycle	•					•			•
power -on -c, -cycle -c	•					◇		◇
power -wol, -local	•				•		•
power -fp (global)	•				•
power -fp (I/O module)	•								•
rdoc	•							•
read	•				•
remacccfg	•				•
reset (blade server or ISMP)	•					•
reset (I/O module)	•								•
reset (management module)	•			•
reset -c, -clr, -dg, -ddg, -sft, -uefi (blade server)	•					◇		◇
reset -sms (blade server)	•					•
reset -exd, -full, -std (I/O module)	•								•
reset -f, -standby, -force (management module)	•			•
scale	•					•
sddump	•					•
sdemail	•	•	•	•	•	•	•	•	•	•
security	•				•
service	•				•
shutdown	•					•
slp	•				•
smtp	•				•
snmp	•				•
sol	•				•		•
sshcfg	•				•
sslcfg	•				•
syslog	•				•
tcpcmdmode	•				•
telnetcfg	•				•
trespass	•				•
uicfg	•				•
update	•			•		•			•
uplink	•				•
users	•	•
users -disable, -enable, -unlock	•	•		•	•
vlan	•				•
write	•				•
zonecfg	•									•

Note:

All users can execute the ping -i command directed to a specific IP address. Users with Supervisor, Operator (general operator), I/O Module Administration, I/O Module Configuration, or I/O Module Operator authority can execute the ping -i command option with no arguments or ping a specific IP address that is identified using its index number.