Controlling access to resources, About access control – HP XP Array Manager Software User Manual
Page 178
•
The Command View AE Suite user group must exist on the external authentication (authorization)
server. It is recommended that domain and group information, as required below, be acquired
from the external authentication server administrator.
1.
From the Administration tab, select Users and Permissions.
2.
Click the Groups folder to display the Domain List. This is a list of external authentication servers
listed by domain name, and host name or IP address. If the Groups folder is not displayed, see
the pre-requisites above.
3.
Select the desired Domain Name to display the Group List, which may be empty ('No Groups'
is displayed). Click Add Groups.
4.
Enter the Distinguished Name for the group. Use Check DN to verify a correct DN entry. Click
Ok to save your group and re-display the Group List. Note that the Group Name is derived from
the entered DN. To specify multiple groups, note that:
• You can add multiple DNs at the same time using the "+" button
• If multiple DNs are listed, you can remove an entry with the "-" button
• Reset clears all DN entries
5.
From the Group List, click the Group Name link, then click Change Permission and set the
Command View AE Suite permissions for the group (repeat this for each new group).
6.
Your groups will now be visible from the Administration tab, User Groups. You can affiliate the
groups with resource groups and roles, just like Command View AE Suite user groups. If you
delete external authentication groups from Users and Permissions at a later time, the groups are
also removed from the User Groups list.
On the next login attempt by each group member, the users login credentials (User ID and Password)
will be validated using the external authentication (authorization) server.
TIP:
To delete registered authorization groups, select the check boxes of the groups to be deleted, and
then click Delete Groups.
Related topics
• Configuring external authentication for users
Controlling access to resources
This module describes how to control access to resources.
About access control
Within a managed SAN environment, resources can be managed by resource and user groups by
using Device Manager and Tiered Storage Manager (GUI). Resource groups and user groups are
part of an access control policy that allows secure data handling in multi-tenant environments and
supports more efficient operations. Access control can be used for data center hosting services and
for managing departments within a company.
A resource group is a group of similar storage system resources (for example, storage systems, storage
ports, LDEV IDs, and parity groups).
Setting up HP StorageWorks P9000 Command View Advanced Edition Suite
178