About controlling access – HP XP Array Manager Software User Manual
Page 94
About controlling access
When a SAN environment is managed by storage administrators, resources are managed by resource
and user groups by the Device Manager and Tiered Storage Manager (GUI). This allows secure data
handling in multi-tenant environments and more efficient operations. Access control can be used for
data center hosting services and managing departments in a company.
A resource group is a group of similar storage system resources (storage systems, storage ports, LDEV
IDs, parity groups, etc.).
A user group is a group of users with the same permissions and range of access. Externally
authenticated groups can also be used as user groups. When assigning resource groups and roles
(collections of operation permissions such as Modify or View) to a user group, resources can be
controlled for the users in that group.
The resource group can be created in this configuration only when the storage system is HP
StorageWorks P9500 Disk Array. The following figure shows a typical scenario of user groups and
their associated permissions to access resources.
Physical configurations such as parity groups, and logical configurations such as LDEV IDs, can be
used to create resource groups. Resource groups can then be assigned to user groups.
The following is an example of using resource groups to control access in a HP StorageWorks P9500
Disk Array storage system.One method for division would be to seperate resources by company
location. For example, if you create resource groups based on locations, the administrators in each
location can use only the resources that have been assigned to them and are restricted from accidentally
accessing the resources of other locations.
Setting up P9000 Command View AE Suite
94