Access policies
You use access policies to control which appliance resources users can access.
Access policies are strings that identify a particular resource and grant access to it. A number of access policies form an access profile, which can be applied to a particular user either through credential mapping using a local user group, or an XML file.
The access policy for the IBM® MQ Appliance has the
following format:
*/*/resource?Access=privileges- resource is a URI that identifies the resource.
- privileges define the access given to the resource. Specify one or more of
the following privileges, optionally separated by the plus (+) character:
- r - read
- w - write
- x - execute
- a - add
- d - delete
NONEto explicitly exclude users from a resource.
*/*/*?Access=r+w
*/*/access/change-password?Access=xA user with the access profile defined by these policies has read and write access to all
appliance resources, plus they have execute permission on the
access/change-password resource, which enables them to change their own password on
the appliance.
There can be multiple matches when resolving access policies, and some of these might conflict
with each other. In such cases, the more resource-specific policies are granted greater weight and
override the more general policies. For example, a user group might have the following policies
defined:
*/*/*?Access=rwadx
*/*/mgmt/rest-mgmt?Access=NONEThe first policy grants users read/write/add/delete/execute permissions to all appliance resources, but the second policy restricts access to the REST management interface such that no user in the group can access it. You can use these weighting characteristics to give general permissions to all appliance resources and add more policies that exclude specific resources.
Policies applying to the same users and resource that have the same weight are additive. So, for example, if a policy provides a user group with read access on a resource, and another policy provides write access on that resource, then users in that group have both read and write permissions on that resource.
When defining an access policy for a local user group, you can enter the profile strings manually using the access-policy command, or in the IBM MQ Appliance web UI. You can also use the policy builder in the web UI to specify access policies.
The appliance resources are listed in the following tables. The tables provide the following
information for each resource:
- Resource category. The category the resource is listed under in the IBM MQ Appliance web UI.
- Resource. The name of the resource.
- Resource profile URI. The URI that you specify in an access policy giving access to this resource.
- CLI command. If you grant access to this resource, then users have access to this CLI command.
- REST URI. If you grant access to this resource, then users can use this REST URI (provided that they have access to the REST management interface).
Status resources
The status resources control access to status reporting for various aspects of appliance operation. Giving a user read access to a status resource enables them to use the show CLI command for that resource, or to use a REST query to recover the status of that resource.
| Resource category | Resource | Resource profile URI | CLI command | REST URI |
|---|---|---|---|---|
| Main | Active services | status/active-services | show services | /mgmt/status/default/ServicesStatus |
| Main | Active Users | status/active-users | show users | /mgmt/status/default/ActiveUsers |
| Main | Date and Time | status/date-time | show time | /mgmt/status/default/DateTimeStatus |
| Main | Logging Targets | status/logging-target | show logging status | /mgmt/status/default/LogTargetStatus |
| Main | Object Status | status/object-status | show op-state | /mgmt/status/default/ObjectStatus |
| Main | Services Memory Usage | status/memory-services | show services-memory | /mgmt/status/default/ServicesMemoryStatus2 |
| Configuration | Domain Status | status/domain-status | show domains | /mgmt/status/default/DomainStatus |
| System | Failure Notification | status/failure-notification | show failure-notification-status | /mgmt/status/default/FailureNotificationStatus2 |
| System | Filesystem Information | status/filessystem | show filesystem | /mgmt/status/default/FilesystemStatus |
| System | Firmware Information | status/firmware | show firmware | /mgmt/status/default/FirmwareStatus2 |
| System | Firmware Information | status/ firmware-deprecated | - | /mgmt/status/default/FirmwareStatus |
| System | Version Information | status/firmware-version | show firmware-version | /mgmt/status/default/FirmwareVersion3 |
| System | Version Information | status/firmware-version-deprecated | - | /mgmt/status/default/FirmwareVersion2 |
| System | Hypervisor Information | status/hypervisor | show hypervisor | /mgmt/status/default/Hypervisor2 |
| System | IPMI SEL Events | status/ipmi-sel-events | show ipmi-sel-events | /mgmt/status/default/IPMISelEvents |
| System | Device Features | status/license | show features | /mgmt/status/default/LicenseStatus |
| System | Other Sensors | status/other-sensors | show sensors-other | /mgmt/status/default/OtherSensors |
| System | PCI Bus | status/pcibus | show pci-bus | /mgmt/status/default/PCIBus |
| System | RAID Array Status | status/raid-array | show raid-array | /mgmt/status/default/RaidArrayStatus |
| System | RAID Battery Backup Unit Status | status/raid-battery-module | show raid-battery-module | /mgmt/status/default/RaidBatteryModuleStatus |
| System | RAID Controller Status | status/raid-controller | show raid-controller | /mgmt/status/default/RaidControllerStatus |
| System | RAID Logical Drive Status | status/raid-logical-drive | show raid-logical-drive | /mgmt/status/default/RaidLogicalDriveStatus |
| System | RAID Physical Drive Status | status/raid-physical-drive | show raid-physical-drive | /mgmt/status/default/RaidPhysicalDriveStatus |
| System | SSD Status Information | status/raid-ssd | show raid-ssd | /mgmt/status/default/RaidSsdStatus |
| System | Fan Sensors | status/sensors-fans | show sensors-fans | /mgmt/status/default/EnvironmentalFanSensors |
| System | CPU usage | status/system-cpu | show system-cpu | /mgmt/status/default/SystemCpuStatus |
| System | Memory usage | status/system-memory | show system-memory | /mgmt/status/default/SystemMemoryStatus |
| System | Temperature Sensors | status/temperature | show sensors-temperature | /mgmt/status/default/TemperatureSensors |
| System | Virtual Appliance Information | status/virtual-platform | show virtual-platform | /mgmt/status/default/VirtualPlatform2 |
| System | Voltage Sensors | status/voltage | show sensors-voltage | /mgmt/status/default/VoltageSensors |
| System | Current Sensors | status/current | show sensors-current | /mgmt/status/default/CurrentSensors |
| IP-Network | Link Aggregation Status | status/agg | show link-aggregation-status | /mgmt/status/default/LinkAggregationStatus |
| IP-Network | DNS Cached Hosts | status/dns-cache-host | show dns-cache | /mgmt/status/default/DNSCacheHostStatus4 |
| IP-Network | DNS Servers | status/dns-name-server | show name-servers | /mgmt/status/default/DNSNameServerStatus2 |
| IP-Network | DNS Search Domains | status/dns-search-domain | show search-domains | /mgmt/status/default/DNSSearchDomainStatus |
| IP-Network | DNS Static Hosts | status/dns-static-host | show static-hosts | /mgmt/status/default/DNSStaticHostStatus |
| IP-Network | Ethernet Counters | status/ethernet-counters | show ethernet-counters | /mgmt/status/default/EthernetCountersStatus |
| IP-Network | Ethernet MAU | status/ethernet-mau | show ethernet-mau | /mgmt/status/default/EthernetMAUStatus |
| IP-Network | Ethernet MII Registers | status/ethernet-mii-registers | show ethernet-mii-registers | /mgmt/status/default/EthernetMIIRegisterStatus |
| IP-Network | IGMP Status | status/igmp-table | show igmp-table | /mgmt/status/default/IGMPStatus |
| IP-Network | IP address status | status/ipaddress | show ipaddress | /mgmt/status/default/IPAddressStatus |
| IP-Network | Link status | status/link | show link | /mgmt/status/default/LinkStatus |
| IP-Network | Link Aggregation Member Status | status/link-aggregation-member | show link-aggregation-member-status | /mgmt/status/default/LinkAggregationMemberStatus |
| IP-Network | Load Balancer Status | status/loadbalancer-status | show loadbalancer-status | /mgmt/status/default/LoadBalancerStatus2 |
| IP-Network | ND Cache Table | status/ND-cache2 | show ndcache | /mgmt/status/default/NDCacheStatus2 |
| IP-Network | Network Interfaces | status/networkinterface | show network-interface | /mgmt/status/default/NetworkInterfaceStatus |
| IP-Network | Port Status | status/port-status | - | /mgmt/status/default/ |
| IP-Network | Routing Table | status/routing3 | show route | /mgmt/status/default/RoutingStatus3 |
| IP-Network | TCP Port Summary | status/tcp-connections | show tcp-connections | /mgmt/status/default/TCPSummary |
| IP-Network | TCP Port Status | status/tcp-table | show tcp-table | /mgmt/status/default/TCPTable |
| IP-Network | VLAN Interface Status | status/vlan2 | show vlan-status | /mgmt/status/default/VlanInterfaceStatus2 |
| Other Network | NTP Refresh Status | status/ntp-refresh | show ntp-refresh | /mgmt/status/default/NTPRefreshStatus |
| Other Network | SNMP Status | status/snmp-status | show snmp-status | /mgmt/status/default/SNMPStatus |
 Other Network |
Fibre Channel Host Bus Adapter |
status/fibre-channel-hba |
show fibre-channel-hba-status |
/mgmt/status/default/FibreChannelHBAStatus |
| Other Network |
Discovered Fibre Channel LUNs |
status/fibre-channel-luns |
show fibre-channel-luns |
/mgmt/status/default/FibreChannelLuns |
| Other Network |
Fibre Channel Volumes |
status/fibre-channel-volume-status |
show fibre-channel-volume-status |
/mgmt/status/default/FibreChannelVolumeStatus |
| Crypto | Cryptographic Mode Status | status/crypto-mode | show crypto-mode | /mgmt/status/default/CryptoModeStatus |
| Crypto | SSH Known Host Table | status/trusted-hosts | show known-hosts | /mgmt/status/default/SSHTrustedHostStatus |
| MQ | MQ System Resources | status/mq-resources | show mq-resources | /mgmt/status/default/MQSystemResources2 |
| MQ | Queue Managers Status | status/qm-status | show qm-status | /mgmt/status/default/QueueManagersStatus |
Configuration resources
The configuration resources give access to those resources that are used to configure the
appliance. Giving a user permissions (read, write, add, and delete as required) to a configuration
resource enables them to work with configuration objects, using the web UI, or the CLI commands or
REST URIs as listed in the following table.
| Resource category | Resource | Resource profile URI | CLI command | REST URI |
|---|---|---|---|---|
| Network Settings | DNS Settings | network/dns | config/dns | /mgmt/config/default/DNSNameService |
| Network Settings | Host Alias | network/host-alias | config/host-alias | /mgmt/config/default/HostAlias |
| Network Settings | Ethernet Interface | network/interface | config/ethernet | /mgmt/config/default/EthernetInterface |
| Network Settings | Link Aggregation Interface | network/link-aggregation | config/link-aggregation | /mgmt/config/default/LinkAggregation |
| Network Settings | Load Balancer Group | network/loadbalancer-group | config/loadbalancer-group | /mgmt/config/default/LoadBalancerGroup |
| Network Settings | Network Settings | network/network | config/network | /mgmt/config/default/NetworkSettings |
| Network Settings | NTP Service | network/ntp-service |
config/ntp-service config/ntp [deprecated] |
/mgmt/config/default/NTPService |
| Network Settings | VLAN Interface | network/vlan | config/vlan | /mgmt/config/default/VLANInterface |
| Network Settings |
Fibre Channel Volume |
network/fibre-channel-volume |
config/fibre-channel-volume |
/mgmt/config/default/FibreChannelVolume |
| Service Configuration | License Agent | services/ilmt-agent | config/ilmt-agent | /mgmt/config/default/ILMTAgent |
| Crypto Configuration | Crypto Certificate | crypto/cert | config/crypto/certificate | /mgmt/config/default/CryptoCertificate |
| Crypto Configuration | Crypto Certificate Monitor | crypto/cert-monitor | config/crypto/cert-monitor | /mgmt/config/default/CertMonitor |
| Crypto Configuration | CRL Retrieval | crypto/crl | config/crypto/crl | /mgmt/config/default/CRLFetch |
| Crypto Configuration | Crypto Identification Credentials | crypto/idcred | config/crypto/idcred | /mgmt/config/default/CryptoIdentCred |
| Crypto Configuration | Crypto Key | crypto/key | config/crypto/key | /mgmt/config/default/CryptoKey |
| Crypto Configuration | SSH Server Profile | crypto/sshserverprofile | config/crypto/sshserverprofile | /mgmt/config/default/SSHServerProfile |
| Crypto Configuration | Crypto Shared Secret Key | crypto/sskey | config/crypto/sskey | /mgmt/config/default/CryptoSSKey |
| Crypto Configuration | SSL Client Profile | crypto/ssl-client | config/crypto/ssl-client | /mgmt/config/default/SSLClientProfile |
| Crypto Configuration | SSL Server Profile | crypto/ssl-server | config/crypto/ssl-server | /mgmt/config/default/SSLServerProfile |
| Crypto Configuration | SSL Host Name Mapping | crypto/ssl-sni-mapping | config/crypto/ssl-sni-mapping | /mgmt/config/default/SSLSNIMapping |
| Crypto Configuration | SSL SNI Server Profile | crypto/ssl-sni-server | config/crypto/ssl-sni-server | /mgmt/config/default/SSLSNIServerProfile |
| Crypto Configuration | Test Password Map | crypto/test-password-map | config/crypto/test password-map | /mgmt/config/default/TestPasswordMap |
| Crypto Configuration | Crypto Validation Credentials | crypto/valcred | config/crypto/valcred | /mgmt/config/default/CryptoValCred |
| Device Management | IPMI LAN Channel | mgmt/ipmi-lan-channel | config/ipmi-lan-channel | /mgmt/config/default/IPMILanChannel |
| Device Management | IPMI User | mgmt/ipmi-user | config/ipmi-user | /mgmt/config/default/IPMIUser |
| Device Management | REST Management Interface | mgmt/rest-mgmt | config/rest-mgmt | /mgmt/config/default/RestMgmtInterface |
| Device Management | SSH Service | mgmt/ssh | config/ssh | /mgmt/config/default/SSHService |
| Device Management | Web Management Service | mgmt/web-mgmt |
config/web-mgmt config/save-config overwrite |
/mgmt/config/default/WebGUI |
| Access Settings | Access Control List | access/acl | config/acl | /mgmt/config/default/AccessControlList |
| Access Settings | LDAP Search Parameters | access/ldap-search-parameters | config/ldap-search-parameters | /mgmt/config/default/LDAPSearchParameters |
| Access Settings | RBM Settings | access/rbm | config/rbm | /mgmt/config/default/RBMSettings |
| Access Settings | SNMP Settings | access/snmp | config/snmp | /mgmt/config/default/SNMPSettings |
| Access Settings | User Group | access/usergroup | config/usergroup | /mgmt/config/default/UserGroup |
| Access Settings | User Account | access/username | config/user | /mgmt/config/default/User |
| Configuration Management | Password Map Alias | config/password-alias | config/password-alias | /mgmt/config/default/PasswordAlias |
| Configuration Management | Password Map | config/password-map | - | - |
| Logging Configuration | Audit Log Settings | logging/audit-log | config/audit-log-settings | /mgmt/config/default/AuditLog |
| Logging Configuration | Log Category | logging/category | config/logging category | /mgmt/config/default/LogLabel |
| Logging Configuration | Log Target | logging/target | config/logging target | /mgmt/config/default/LogTarget |
| System Settings | Failure Notification | system/failure-notification | config/failure-notification | /mgmt/config/default/ErrorReportSettings |
| System Settings | Language | system/language | config/language | /mgmt/config/default/Language |
| System Settings | RAID Array | system/raid-disk-volume | config/raid-volume | - |
| System Settings | System Settings | system/system |
config/system config/globallogipfilter |
/mgmt/config/default/SystemSettings |
| System Settings | Time Settings | system/timezone | config/timezone | /mgmt/config/default/TimeSettings |
| Monitoring | File system usage monitor | monitor/fs-usage-monitor | config/fs-usage-monitor | /mgmt/config/default/FileSystemUsageMonitor |
Action resources
The action resources control access to the resources used to perform actions on the appliance.
Give users execute permission on a resource to enable the corresponding action. Users can perform
the action by using the corresponding CLI command or by sending a request to the REST URI. All
action requests use the URI
/mgmt/actionqueue/default/operations. The REST column
in the following table gives the operation name used when constructing a payload to request an
action (see Triggering appliance operations by using the REST management interface).
| Resource category | Resource | Resource profile URI | CLI command | Operation name for REST request |
|---|---|---|---|---|
| Device Settings | Add IPMI BMC SEL Test Entry | device/add-ipmi-sel-test-entry | config/add-ipmi-sel-test-entry | AddSelTestEntry |
| Device Settings | Delete previous firmware install | device/boot-delete | config/flash/boot delete | BootDelete |
| Device Settings | Boot Image | device/boot-image | config/flash/boot image | ApplyPatch |
| Device Settings | Switch Install Image | device/boot-switch | config/flash/boot switch | BootSwitch |
| Device Settings | Boot Update | device/boot-update | config/flash/boot update | BootUpdate |
| Device Settings | Clear IPMI BMC SEL | device/clear-ipmi-sel | config/clear-ipmi-sel | ClearSel |
| Device Settings | Create Directory | device/create-dir | config/mkdir | CreateDir |
| Device Settings | Delete File | device/delete-file | config/delete | DeleteFile |
| Device Settings | Fetch File | device/fetch-file | config/copy | FetchFile |
| Device Settings | Initialize file system | device/initialize-raid-volume-filesystem | config/raid-volume-initialize-filesystem | - |
| Device Settings | Control Locate LED | device/locate-device | config/locate-device | - |
| Device Settings | Move File | device/move-file | config/move | MoveFile |
| Device Settings | Activate RAID Array | device/raid-activate | config/raid-activate | - |
| Device Settings | Delete RAID Array | device/raid-delete | config/raid-delete | - |
| Device Settings | Initialize RAID Array | device/raid-initialize | config/raid-initialize | - |
| Device Settings | Request Learning Cycle for BBU | device/raid-learn-battery | config/raid-learn-battery | - |
| Device Settings | Make hot spare for RAID Array | device/raid-make-hot-spare | config/raid-make-hot-spare | - |
| Device Settings | Rebuild RAID Array | device/raid-rebuild | config/raid-rebuild | - |
| Device Settings | Remove Directory | device/remove-dir | config/rmdir | RemoveDir |
| Device Settings | Send File | device/sendfile | config/send file | SendFile |
| Device Settings | Shut down | device/shutdown | config/shutdown | Shutdown |
| Device Settings | Set Time and Date | device/time-date | config/clock | SetTimeAndDate |
| Device Settings | VerifyFirmware | device/verify-firmware | config/flash/verify-firmware | VerifyFirmware |
| Device Settings | Control Locate LED | device/locate-device | config/locate-device | LocateDevice |
| Network Settings | Quiesce | network/quiesce | - | - |
| Network Settings | Unquiesce | network/unquiesce | - | - |
| Network Settings |
Initialize Filesystem on Fibre Channel Device |
network/fibre-channel-fs-init |
config/fibre-channel-fs-init |
InitFibreChannelFilesystem |
| Network Settings |
Repair Filesystem on Fibre Channel Volume |
network/fibre-channel-fs-repair |
config/fibre-channel-fs-repair |
RepairFibreChannelFilesystem |
| Network Settings |
Unlock Filesystem on Fibre Channel Volume |
network/fibre-channel-unlock-volume |
config/fibre-channel-unlock-volume |
UnlockFibreChannelVolume |
| Crypto Configuration | Add Password Map | crypto/add-password-map | config/crypto/password-map | AddPasswordMap |
| Crypto Configuration | Convert Crypto Certificate Object | crypto/convert-certificate | config/crypto/convert-certificate | ConvertCertificate |
| Crypto Configuration | Convert Crypto Key Object | crypto/convert-key | config/crypto/convert-key | ConvertKey |
| Crypto Configuration | Export Crypto Object | crypto/crypto-export | config/crypto/crypto-export | CryptoExport |
| Crypto Configuration | Import Crypto Object | crypto/crypto-import | config/crypto/crypto-import | CryptoImport |
| Crypto Configuration | Set Cryptographic Mode | crypto/crypto-mode-set | config/crypto/crypto-mode-set | CryptoModeSet |
| Crypto Configuration | Delete Password Map | crypto/delete-password-map | config/crypto/delete password-map | DeletePasswordMap |
| Crypto Configuration | Generate Key | crypto/keygen | config/crypto/keygen | Keygen |
| Crypto Configuration | Delete SSH Known Host | crypto/no-known-host | config/crypto/no client-known-host | DeleteKnownHost |
| Crypto Configuration | Delete SSH Known Host Table | crypto/no-known-host-table | config/crypto/no client-known-host-table | DeleteKnownHostTable |
| Crypto Configuration | No Password Map | crypto/no-password-map | config/crypto/no password-map | NoPasswordMap |
| Crypto Configuration | test-password-map | crypto/test-password-map | config/crypto/test password-map | TestPasswordMap |
| Access Settings | Change User Password | access/change-password | config/user-password | ChangePassword |
| Access Settings | Disconnect | access/disconnect | config/disconnect | Disconnect |
| Access Settings | Force Password Change | access/force-password-change | config/user-expire-password | UserForcePasswordChange |
| Access Settings | Reset Failed Login Counter | access/reset-failed-login | config/reset failed-login | UserResetFailedLogin |
| Access Settings | Reset Password | access/reset-username | config/reset username | UserResetPassword |
| Configuration Management | Execute Configuration | config/exec-config | config/exec | ExecConfig |
| Configuration Management | Password Map | config/password-map | - | - |
| Configuration Management | REST Export | config/rmi-export | - | Export |
| Configuration Management | REST Load Configuration | config/rmi-load-config | - | LoadConfiguration |
| Configuration Management | View Certificate Details | config/rmi-view-details | - | ViewCertificateDetails |
| Configuration Management | Save Configuration | config/save-config | config/write memory | SaveConfig |
| Configuration Management | Save Internal State | config/saveinternlstate | config/save internal-state | SaveInternalState |
|
Configuration Management |
Secure Backup | config/secure-backup | secure-backup | SecureBackup |
|
Configuration Management |
Secure Restore | config/secure-restore | secure-restore | SecureRestore |
| Configuration Management | Select Configuration | config/select-config | config/flash/boot config | SelectConfig |
| Configuration Management | Undo Configuration | config/undo-config | config/undo | UndoConfig |
| System Settings | Delete SSH Known Host | system/no-trusted-host | config/no known-host | DeleteTrustedHost |
| System Settings | Add SSH Known Host | system/trusted-host | config/known-host | AddTrustedHost |
| Cache Management | Flush ARP Cache | cache/flush-arp | config/clear arp | FlushArpCache |
| Cache Management | Flush DNS Cache | cache/flush-dns | config/clear dns-cache | FlushDNSCache |
| Cache Management | Flush ND Cache | cache/flush-ndcache | config/clear ndcache | FlushNDCache |
| Cache Management | Flush RBM Cache | cache/flush-rbm | config/clear rbm cache | FlushRBMCache |
| Cache Management | Flush Document | cache/refresh-document | - | RefreshDocument |
| Debug Settings | Disable hardware offload | debug/disable-aggregation-hardware-offload | config/disable-aggregation-hardware-offload | DisableLinkAggregationHardwareOffload |
| Debug Settings | Disable hardware offload | debug/disable-ethernet-hardware-offload | config/disable-ethernet-hardware-offload | DisableEthernetHardwareOffload |
| Debug Settings | Disable hardware offload | debug/disable-vlan-hardware-offload | config/disable-vlan-hardware-offload | DisableVLANHardwareOffload |
| Debug Settings | Generate Error Report | debug/error-report | config/save error-report | ErrorReport |
| Debug Settings | Start packet capture | debug/packet-capture |
config/ethernet <name>/packet-capture config/link-aggregation <name>/packet-capture config/packet-capture-advanced config/vlan <name>/packet-capture |
DisableLinkAggregationHardwareOffload
DisableEthernetHardwareOffload DisableVLANHardwareOffload ErrorReport PacketCapture PacketCaptureDebug StopPacketCapture LinkAggregationPacketCapture LinkAggregationStopPacketCapture UniversalPacketCaptureDebug UniversalStopPacketCapture VLANPacketCapture VLANStopPacketCapture |
| Debug Settings | Ping Remote | debug/ping |
config/ping
|
Ping |
| Debug Settings | Send Error Report | debug/send-error-report | config/send error-report | SendErrorReport |
| Debug Settings | Generate Log Event | debug/send-logevent | config/test logging | SendLogEvent |
| Debug Settings | Set Log Level | debug/set-loglevel | config/loglevel | SetLogLevel |
| Debug Settings | Enable RBM Debug Logging | debug/set-rbmlog | - | SetRBMDebugLog |
| Debug Settings | TCP Connection Test | debug/tcp-connection-test | config/test tcp-connection | TCPConnectionTest |
| Debug Settings | Hardware Diagnostics | debug/test-hardware | config/test hardware | TestHardware |
| Debug Settings | Disable Ethernet Hardware Offload | debug/disable-ethernet-hardware-offload | config/disable-ethernet-hardware-offload | DisableEthernetHardwareOffload |
| Debug Settings | Disable Link Aggregation Hardware Offload | debug/disable-aggregation-hardware-offload | config/disable-aggregation-hardware-offload | DisableLinkAggregationHardwareOffload |
| Debug Settings | Disable VLAN Hardware Offload | debug/disable-vlan-hardware-offload | config/disable-vlan-hardware-offload | DisableVLANHardwareOffload |
Admin only resources
The resources listed in the following table are only visible to, and usable by, the
admin user. You cannot alter access to these resources.
| Resource | Resource profile URI | CLI command |
|---|---|---|
| Diagnostics | Only available to admin user |
diagnostics |
| Trace Route | Only available to admin user |
traceroute |
| Clear Intrusion Detected | Only available to admin user |
clear intrusion-detected |
| Watchdog | Only available to admin user |
config/watchdog |
| Startup Configuration | Only available to admin user |
config/startup |
| Reinitialize | Only available to admin user |
config/flash/reinitialize |
| Service Nagle | Only available to admin user |
config/service nagle |
| Log Size | Only available to admin user |
config/logsize |
| System Log | Only available to admin user |
config/syslog |
Other resources
The following table lists the resources in the following groups:
- Login - permissions on these resources specify which interfaces users can use to interact with the appliance. There are no CLI commands or REST URIs associated with these resources.
- File management - permissions on these resources give users access to directories on the appliance.
- MQ configuration - permissions on these resources give users access to IBM MQ on the appliance.
The following CLI commands are always available to all users who can connect to the command line:
- echo
- exit
- help
- login
- top
- template
- config/dir
| Resource category | Resource | Resource profile URI | CLI command | REST URI |
|---|---|---|---|---|
| Login | SSH | login/ssh | - | - |
| Login | Web-Mgmt | login/web-mgmt | - | - |
| Login | Rest-Mgmt | login/rest-mgmt | - | - |
| File Management | local: | file/local | - | /mgmt/filestore/default/local |
| File Management | temporary: | file/temporary | - | /mgmt/filestore/default/temporary |
| File Management | store: | file/store | - | /mgmt/filestore/default/store |
| File Management | config: | file/config | - | /mgmt/filestore/default/config |
| File Management | image: | file/image | - | /mgmt/filestore/default/image |
| File Management | logstore: | file/logstore | - | /mgmt/filestore/default/logstore |
| File Management | logtemp: | file/logtemp | - | /mgmt/filestore/default/logtemp |
| File Management | audit: | file/audit | - | /mgmt/filestore/default/audit |
| File Management | tasktemplates: | file/tasktemplates | - | /mgmt/filestore/default/tasktemplates |
| File Management | cert: | file/cert | - | /mgmt/filestore/default/cert |
| File Management | pubcert: | file/pubcert | - | /mgmt/filestore/default/pubcert |
| File Management | sharedcert: | file/sharedcert | - | /mgmt/filestore/default/sharedcert |
| File Management | export: | file/export | - | /mgmt/filestore/default/export |
| File Management | mqbackup: | file/mqbackup | /mgmt/filestore/default/mqbackup | |
| File Management | mqdiag: | file/mqdiag | /mgmt/filestore/default/mqdiag | |
| File Management | mqerr: | file/mqerr | /mgmt/filestore/default/mqerr | |
| File Management | mqpubcert: | file/mqpubcert | /mgmt/filestore/default/mqpubcert | |
| File Management | mqqmdata: | file/mqqmdata | /mgmt/filestore/default/mqqmdata | |
| File Management | mqtemporary: | file/mqtemporary | /mgmt/filestore/default/mqtemporary | |
| File Management | mqtrace: | file/mqtrace | /mgmt/filestore/default/mqtrace | |
| File Management | mqwebui: | file/mqwebui | /mgmt/filestore/default/mqwebui | |
| File Management | fcvolumes: | file/fcvolumes | /mgmt/filestore/default/fcvolumes | |
| MQ Configuration | MQ CLI Administration | mq/cli | mqcli | - |
| MQ Configuration | MQ Web Administration | mq/webadmin | - | - |
| MQ Configuration | MQ Web User | mq/webuser | - | - |
| MQ Configuration | MQ MFT Administration | mq/mftwebadmin | - | - |