Methods and devices are provided for role-based access control of network devices. The network devices may constitute the fabric of a storage area network ("SAN") that has been logically partitioned into virtual storage area networks ("VSANs") that are allocated to various administrators. Roles assigned according to preferred aspects of the invention do not need to be hierarchical, but are customized according to administrators' needs.