HP XP Array Manager Software User Manual
Page 60
Login with the System account to access user management in the Administration tab to create local
XP7 Command View AE user accounts. While creating user accounts, you can list available applications
(as installed on the management server) and set user permissions for those applications. Users must
also be added to at least one (possibly more) resource groups to determine the storage they can
access. Together, application permissions and resource group/user group membership determines
the scope of what the user can do in XP7 Command View AE.
NOTE:
If you are managing XP7 by directly logging into the Remote Web Console, we strongly recommend
that the user account information and access control information for storage resources be the same
for XP7 Command View AE and Remote Web Console.
If the storage system being registered is an HP XP7, by enabling user authentication in XP7 Command
View AE so that user accounts are authenticated when they log in to RAID Manager and the SVP,
user accounts can be centrally managed. If you are centrally managing user accounts from XP7
Command View AE, please note the following:
•
SSL communication must be configured between the Device Manager server and the storage system.
Also, you might need to add firewall exceptions between the Device Manager server and the
storage system. For details on implementing SSL communication and adding firewall exceptions
between the Device Manager server and the storage system, see the HP XP7 Command View
Advanced Edition Administrator Guide.
•
User accounts should be created with user names and passwords compatible with XP7 Command
View AE and the HP XP7 components.
•
If a user account that is used to perform operations by using RAID Manager or the SVP is already
registered in Remote Web Console, also register that user account in XP7 Command View AE.
Note that if XP7 Command View AE authentication of user accounts is disabled when logging into
RAID Manager or SVP, you must specify the same user account information and access control to
storage resources in both XP7 Command View AE and Remote Web Console.
You can also manage user accounts by linking to an external authentication server, such as an LDAP
directory server, RADIUS server, or Kerberos server. However, the built-in accounts (System and
HaUser) cannot be authenticated on an external authentication server. The XP7 Command View AE
user account used to connect to external authentication servers and external authorization servers is
managed as a Windows Active Directory (authorization) group. Permissions that are specified for
authorized groups are also applied to users who belong to nested groups.
Application permissions:
After adding basic user information such as username, password, email, and description, you set
permissions for available applications which could include, for example:
•
Tier management (CLI)
•
Replication management
•
Tuning management
Permissions include View, Execute, Modify, and Admin. These permissions control what the user can
do from the related tabs, and possibly elsewhere.
Users can assist in user management tasks by selecting the admin permission for the User Management
application. The user will be able to assist in:
•
Specifying user settings
•
Creating user groups for Device Manager and Tiered Storage Manager
•
Assigning resources and roles to user groups
Setting up users and access control
60