About user groups – HP XP Array Manager Software User Manual
Page 73
• Assigning resource groups and roles to a user group
About user groups
A user group consists of one or more users having the same permissions (role) for the same resources.
An external authentication group can also be used as a user group. There are also built-in resource
and user groups for administrative convenience.
For a user group, one or more resource groups are added, and a role assigned for each resource
group. The types of roles are:
•
Admin
•
Modify
•
View
•
Custom
User group members will be able to work with each resource group according to the assigned role
(permissions) for the resource group. For example, a user group member with view access to a resource
group can monitor, but not change the resource. Also note the following:
•
A user can belong to multiple user groups, each with assigned resource groups and roles
•
A user belonging to a built-in user group cannot be registered to another user group
•
A resource group can be registered to multiple user groups
If hosts and volumes are managed as logical groups that correspond to businesses or organizations
and the logical groups are registered as private logical groups, only users who belong to the same
user group will be able to use the logical groups.
The default (built-in) user groups assigned to the All Resources resource group (also built-in) are:
•
AdminGroup (role: Admin and the permission for creating resource groups)
•
ModifyGroup (role: Modify)
•
ViewGroup (role: View)
•
PeerGroup (role: Peer. This user group cannot be assigned to a resource group)
Two special case user group assignments exist:
•
The built-in account (user ID: HaUser) used by Device Manager agents is set to the PeerGroup
immediately after the installation is completed, but can be set to another group later. To assign
the Peer role to a user, register the user in PeerGroup.
•
Authorized groups that have been registered to HP XP7 Command View Advanced Edition products
can be used as user groups. Roles assigned to authorized groups are also applied to users who
belong to nested groups.
For an HP XP7 or HP P9500 storage system, if different roles are set as follows, the role set for each
resource group is applied to all resource groups within the same storage system.
•
When multiple resource groups in the same storage system are assigned to one user group, and
a different role has been set for each resource group.
•
When a user belongs to multiple user groups, and a different role has been set for the resource
groups in the same storage system.
If the storage system is not an HP XP7 or HP P9500 the previous scenario does not apply. For example,
in the following figure, User A and User B can access each resource group (RG) with the following
roles, respectively.
User A can access RG1, RG2, and RG3 with the Admin, Audit Log Administrator (View & Modify)
and Security Administrator (View Only) roles. User B can access RG3 with the Security Administrator
(View & Modify) role, and access RG4 with the View role.
User Guide
73