Controlling access to resources, About access control – HP XP Array Manager Software User Manual
Page 67
•
The XP7 Command View AE user group must exist on the external authentication (authorization)
server. It is recommended that domain and group information, as required below, be acquired
from the external authentication server administrator.
1.
From the Administration tab, select Users and Permissions.
2.
Click the Groups folder to display the Domain List. This is a list of external authentication servers
listed by domain name, and host name or IP address. If the Groups folder is not displayed, see
the pre-requisites above.
3.
Select the desired Domain Name to display the Group List, which may be empty ('No Groups'
is displayed). Click Add Groups.
4.
Enter the Distinguished Name for the group. Use Check DN to verify a correct DN entry. Click
Ok to save your group and re-display the Group List. Note that the Group Name is derived from
the entered DN. To specify multiple groups, note that:
• You can add multiple DNs at the same time using the "+" button
• If multiple DNs are listed, you can remove an entry with the "-" button
• Reset clears all DN entries
5.
From the Group List, click the Group Name link, then click Change Permission and set the XP7
Command View AE permissions for the group (repeat this for each new group).
6.
Your groups will now be visible from the Administration tab, User Groups. You can affiliate the
groups with resource groups and roles, just like XP7 Command View AE user groups. If you
delete external authentication groups from Users and Permissions at a later time, the groups are
also removed from the User Groups list.
On the next login attempt by each group member, the users login credentials (User ID and Password)
will be validated using the external authentication (authorization) server.
TIP:
To delete registered authorization groups, select the check boxes of the groups to be deleted, and
then click Delete Groups.
Related topics
• About user accounts and controlling access to resources
• Configuring external authentication for users
• User ID and password policies
Controlling access to resources
This module describes how to control access to resources.
About access control
Within a managed SAN environment, user accounts are created, added to user groups, and the user
groups affiliated with resource groups and assigned roles to provide controlled access to functionality
available in Device Manager and Tiered Storage Manager (GUI).
•
A user group consists of local user accounts, or accounts from external authentication systems
User Guide
67