Controlling access to resources, About access control, Access control examples for p9500 disk array – HP XP Racks User Manual

Page 111: 111 access control examples for p9500 disk array

Advertising
background image

delete external authentication groups from Users and Permissions at a later time, the groups are
also removed from the User Groups list.

On the next login attempt by each group member, the users login credentials (User ID and Password)
will be validated using the external authentication (authorization) server.

Controlling access to resources

This module describes how to control access to resources.

About access control

When a SAN environment is managed by storage administrators, resources are managed by resource
and user groups by the Device Manager and Tiered Storage Manager (GUI). This allows secure data
handling in multi-tenant environments and more efficient operations. Access control can be used for
data center hosting services and managing departments in a company.

A resource group is a group of similar storage system resources (storage systems, storage ports, LDEV
IDs, parity groups, etc.).

A user group is a group of users with the same permissions and range of access. Externally
authenticated groups can also be used as user groups. When assigning resource groups and roles
(collections of operation permissions such as Modify or View) to a user group, resources can be
controlled for the users in that group.

The resource group can be created in this configuration only when the storage system is P9500 Disk
Array. The following figure shows a typical scenario of user groups and their associated permissions
to access resources.

Physical configurations such as parity groups, and logical configurations such as LDEV IDs, can be
used to create resource groups. Resource groups can then be assigned to user groups.

Access control examples for P9500 Disk Array

The following is an example of using resource groups to control access in a P9500 Disk Array storage
system. One method for division would be to separate resources by company location. For example,
if you create resource groups based on locations, the administrators in each location can use only
the resources that have been assigned to them and are restricted from accidentally accessing the
resources of other locations.

User Guide

111

Advertising
This manual is related to the following products:

XP P9000 Command View Advanced Edition Software, XP Array Manager Software, XP Command View Advanced Edition Software

Popular Brands
Popular manuals