About managing users, User operation permissions, 104 user operation permissions – HP XP Racks User Manual
Page 104
About managing users
Managing users by setting up resource groups and permissions (roles) for user groups allows resource
control to be performed for users in the user groups.
Two built-in user accounts are automatically established when HP StorageWorks P9000 Command
View Advanced Edition Suite is installed. Note that Device Manager (GUI and CLI) and Tiered Storage
Manager (GUI) users must be registered and assigned to a user group. For Tiered Storage Manager
(CLI) other Command View AE Suite products, the permitted range of operations for each user can
be limited by registering the user as a login user and setting user permissions. The user management
window makes it possible to manage user accounts that are common to all products. Specifically:
•
The System account (default password:
manager
) is used to manage Command View AE Suite
operations and all HP StorageWorks P9000 Command View Advanced Edition Suite user accounts.
•
The HaUser account (default password:
haset
) is the default user account used by Device Manager
agents. The default permission for the HaUser account is Peer and the PeerGroup is set for the
HaUser account. The HaUser account belongs to PeerGroup as soon as the installation completes.
You log in by using the System account to access the user management window and to manage user
access to storage systems registered in Command View AE Suite.
You can also manage user accounts by linking to an external authentication server, such as an LDAP
directory server, RADIUS server, or Kerberos server. However, the built-in accounts (System and
HaUser) cannot be authenticated on an external authentication server.
The Command View AE Suite user account used to connect to external authentication servers and
external authorization servers is managed as a Windows Active Directory (authorization) group.
Permissions that are specified for authorized groups are also applied to users who belong to nested
groups.
User operation permissions
User permissions determine the scope of resources and operations a user can access or perform.
By specifying roles in Device Manager and Tiered Storage Manager (GUI), resources that belong to
a resource group for which a user has permission to reference or operate on are displayed. The user
can perform GUI operations or reference information for the displayed resources.
User Management permissions make it possible to log in to all Command View AE Suite products,
and allow for usage of the user management function and security management function for all
Command View AE Suite products. The User Management permissions also allow users to create user
groups for Device Manager and Tiered Storage Manager, and output user groups and user information
in CSV format. If the Admin permissions are assigned to All Resources, the User Management
permissions also enable users to assign resources and roles to user groups.
In Device Manager and Tiered Storage Manager, operation permissions are granted by assigning
resource groups and roles to a user group. The above method can be used for operation permissions
for the Device Manager GUI, Device Manager CLI, and Tiered Storage Manager GUI. To grant
permissions for Tiered Storage Manager CLI, on the other hand, you must grant permissions to each
user rather than assign roles. The table below describes the types of roles and the operations that can
be performed when those roles are assigned. Note that Tiered Storage Manager operations can be
performed only when the user has a Tiered Storage Manager license.
Setting up HP StorageWorks P9000 Command View Advanced Edition Suite
104