| Description | This object indicates if there is a scope restriction
for this role.
If the value of this object is 'none', then there no
scope restriction.
If it is 'vsan', the two objects commonRoleScope1 and
commonRoleScope2 provide the list of Virtual Storage
Area Networks (VSANs) which this role can access. The
object commonRoleScope1 provides list of VSANs from 0
through 2047 and commonRoleScope2 provides from 2048
through 4095. Each octet within the value of the the two
objects specifies a set of eight VSANs. The first octet
specifies VSANs 0 through 7 for commonRoleScope1 and
VSANs 2048 through 2054 for commonRoleScope2. Similarly,
the second octet specifies VSANs 8 through 15 and VSANs
2055 through 2062 for commonRoleScope2, etc. Within each
octet, the most significant bit represents the lowest
numbered VSAN, and the least significant bit represents
the highest numbered VSAN. Thus, each VSAN, is
represented by a single bit within the value of this
object. A role can access a VSAN if and only if that bit
has a value of '1'. If these objects have a value which
are less than 256 bytes long, then the VSANs which are
not represented are not considered to be in these list.
If both the scope objects are zero-length strings, then
this role can not access any VSANs if this object is
`vsan'. The role can access all the VSANs if the this
object is 'none'. Also, both commonRoleScope1 and
commonRoleScope2 are invalid if this object is 'none'.
Other means of restricting the scope of a role can be
defined in the future by extending this object with
additional enumerations. Each such addition will
define the restriction and any parameters it might
have, which might or might not be specified via the
corresponding values of commonRoleScope1 and
commonRoleScope2. |