HP XP Array Manager Software User Manual
Page 68
•
A resource group consists of storage system resources (storage systems, ports, LDEV IDs, and
parity groups)
•
Assigned roles for resource groups provide either full, partial, or read-only access to resource
group resources
This creates an access control policy that allows secure data handling in multi-tenant environments
and supports more efficient and secure operations. An access control policy can be used for:
•
Data center hosting services
•
Management of departments in an organization
•
Management of locations in an organization
A user group is a group of users who can access the same resources with the same user permissions.
Externally authenticated groups can also be used as user groups. When you assign resource groups
and roles (user permissions, such as Admin, Modify, View or Custom) to a user group, resources are
consistently controlled for the users in that group.
When the storage system is HP XP7, you can use custom roles to specify one or more roles and user
permissions at a more detailed, granular level. For example, you can allow:
•
Provisioning operations
•
Remote copy operations
•
System resource operations
•
Storage encryption key and authentication management
•
Audit log management
Resource groups can be created in this configuration only when the storage system is HP XP7, HP
P9500.
The following figure illustrates user groups and their permissions (standard Admin, Modify and View
roles) for accessing resources. The use of custom roles is not shown here, but is illustrated in the user
group topics. Custom roles provide more granular permissions to specific functionality.
For HP XP7,HP P9500 systems, physical configurations such as parity groups, and logical configurations
such as LDEV IDs, are used to create resource groups. After resource groups are created, they can
then be assigned to user groups.
Related topics
Setting up users and access control
68