Controlling user resources, Checking resource authorities, Target commands – HP XP RAID Manager Software User Manual
Page 53: Target resources
Controlling user resources
RAID Manager verifies the user who executes the command has been authenticated already. After
that, RAID Manager obtains the access authority of the resource groups that are configured on the
user roles, and then compares the access authority of the relevant user and the specified resources.
Checking resource authorities
If the access is not permitted by comparing the access authorities of the resource groups configured
on the user roles and the specified resource, RAID Manager rejects the command with an error
code "EX_EGPERM". If the resource groups are defined among the large storage systems, the
specified resource is compared with the resource specified by obtaining the access authority
configured to each large storage system.
Target commands
RAID Manager checks resource authorities on the following commands that use command devices.
•
raidcom commands (commands for setting configurations)
•
horctakeover, horctakeoff, paircurchk, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,
pairsyncwait, pairmon
•
raidscan (-find verify, -find inst, -find sync except for [d]), pairdisplay, raidar, raidqry (except
for -l and -r)
•
raidvchkset, raidvchkscan (except for -v jnl), raidvchkdsp
The relationship between the user authentication and the resource groups
In user authentication mode, RAID Manager verifies the access authority of the relevant resource
based on the user authentication and the role of it. Also, on the user authentication unnecessary
mode and the undefined resource groups, RAID Manager checks the access authorities shown in
the following table.
Table 12 The relationship between the resource groups and the command devices
Commands
Resource Groups
raidcom
pairXX*1
Authenticated user
Not authenticated
user*2
Authenticated user
Not authenticated
user*2
Permitted by the
authority of resource
ID 0
EX_EPPERM
*4
Permitted by the
authority of resource
ID 0
Permitted
Undefined resource
group
*3
Permitted by the
authority of the
relevant resource ID
EX_EGPERM
*4
EX_EPPERM
Permitted by the
authority of the
relevant resource ID
EX_EGPERM
*4
Defined resource
group
*1
: Above-described commands except for the raidcom command
*2
: User who uses the mode without the command authentication
*3
: Undefined as the resource group
*4
: Command execution is rejected by the relevant error
Target resources
The following objects are arbitrarily defined as the resource groups by each user.
•
LDEV
•
Physical port
Command operation authority and user authentication
53