Connecting an identity and target – SANRAD I3.1.1205 User Manual
Page 146
7-28
SANRAD V-Switch CLI User Manual
Connecting an Identity and Target
If you are working in
a V-Switch cluster,
each Identity must be
connected to the
target(s) on both V-
Switches.
All CLI names and
aliases are case
sensitive
Once created, an identity must be connected to a target to provide it with
access control. An identity specifies which access rights the iSCSI
initiators within the Identity have to the target.
When an identity is connected to a target, it is also given a position. The
position of the identity determines its place in the V-Switch access rights
evaluation. An identity with the position 0 (default identity) is the last
identity evaluated when an initiator tries to access a volume. If the
initiator meets the profile of the identity, it is granted that identity ‘s access
rights. If not, the V-Switch continues to position 1. The V-Switch does not
scan all identities to determine which most specifically fits the host.
Therefore, identities must be positioned in decreasing specificity to
function correctly. The V-Switch scans for the first fit and not the best fit.
An identity can be connected to more than one target to provide the same
conditions for each target. Use the CLI command acl add to connect an
identity to a target.
acl add
You need to define four parameters to connect an identity to a target:
S
WITCH
P
ARAMETER
D
EFINITION
S
TATUS
E
XAMPLE
-ta
TARGET ALIAS
ALIAS OF TARGET
TO ATTACH TO
MANDATORY
finance
-id
IDENTITY
NAME OF
ACL
IDENTITY
MANDATORY
accounting
-acc
ACCESS
ACCESS RIGHTS TO
TARGET
:
DEFAULT
=
RW
RW
=
READ
-
WRITE
RO
=
READ
-
ONLY
NA
=
NOT
ACCESSIBLE
OPTIONAL
DEFAULT
=
RW
rw
-pos
POSITION
ACL
RANK IN
ACCESS RIGHT
EVALUATION SCAN
OPTIONAL
ASSIGNED LAST
POSITION IF
NOT SPECIFIED
1