Controlling user resources – HP XP P9500 Storage User Manual
Page 50
Checking the execution authority
If the configuring commands authenticated are compared with the execution authorities of commands
configured on the user role and they do not correspond, RAID Manager rejects the command with
an error code "EX_EPPERM".
Normally, the user role needs to be the consistent and integrated authority among the large storage
systems. In case of HORCM instances that are configured by the multiple large storage systems,
the execution authorities are obtained by the serial number of the storage systems. If the user role
is for the multiple storage systems and is not consistent among these storage systems, RAID Manager
makes the integrated authority by performing the logical AND of the execution authorities among
the storage systems.
The target commands
RAID Manager checks execution authorities on the following commands that use command devices.
•
horctakeover, horctakeoff
•
paircreate, pairsplit, pairresync
•
raidvchkset
Controlling user resources
RAID Manager verifies the user who executes the command has been authenticated already. After
that, RAID Manager obtains the access authority of the resource groups that are configured on the
user roles, and then compares the access authority of the relevant user and the specified resources.
Checking resource authorities
If the access is not permitted by comparing the access authorities of the resource groups configured
on the user roles and the specified resource, RAID Manager rejects the command with an error
code "EX_EGPERM". If the resource groups are defined among the large storage systems, the
specified resource is compared with the resource specified by obtaining the access authority
configured to each large storage system.
Target commands
RAID Manager checks resource authorities on the following commands that use command devices.
•
raidcom commands (commands for setting configurations)
•
horctakeover, horctakeoff, paircurchk, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,
pairsyncwait, pairmon
•
raidscan (-find verify, -find inst, -find sync except for [d]), pairdisplay, raidar, raidqry (except
for -l and -r)
•
raidvchkset, raidvchkscan (except for -v jnl), raidvchkdsp
The relationship between the user authentication and the resource groups
In user authentication mode, RAID Manager verifies the access authority of the relevant resource
based on the user authentication and the role of it. Also, on the user authentication unnecessary
mode and the undefined resource groups, RAID Manager checks the access authorities shown in
the following table.
50
RAID Manager functions on P9500