Precautions when working with user groups, Roles, Precautions when working with user groups roles – HP XP7 Storage User Manual
Page 54: User registering example
For details about resource groups, see the HP XP7 Provisioning for Open Systems User Guide.
User registering example
•
The setting operations that affect the security of the whole system must be done by the
administrator.
•
The setting operations on the resource group 10 must be done by user A.
•
The setting operations on the resource group 20 must be done by user B.
To implement the above configuration, assign the users to the user groups as shown below.
Table 7 User registration example
Resource group to be assigned
to user group
Roles to be assigned to the user group
User group to be
registered
User
All Resource Groups Assigned
1
Security Administrator (View & Modify)
user group 1
Administrator
Resource group 10
Storage Administrator
2
user group 10
User A
Resource group 20
Storage Administrator
2
user group 20
User B
Notes:
1.
For the user group that is assigned the Security Administrator role, All Resource Groups Assigned is automatically
set to Yes.
2.
There are a few types of storage administrators. See
for more information.
Precautions when working with user groups
Before creating or manipulating user groups, read and understand the following precautions.
•
When a user is assigned to multiple user groups, the user has the permissions of all the roles
in each user group that are enabled on the resource groups assigned to each user group.
•
If a user has All Resource Groups Assigned set to Yes, the user can access all the resources
in the storage system. For example, if a user is a security administrator and a storage
administrator taking care of some resources, have all resource groups assigned, and has roles
of Security Administrator (View & Modify) and Storage Administrator (View & Modify), the
user can edit the storage for all the resources.
If this is a problem, the recommended solution is to register the following two user accounts
in the HP XP7 Storage system and use these different accounts for different purposes
◦
A security administrator user account that has All Resource Groups Assigned set to Yes.
◦
A storage administrator user account that does not have all resource groups assigned
and has only some of the resource groups assigned.
•
For the user groups whose roles are other than the Storage Administrator, All Resource Groups
Assigned is automatically set to Yes. If you delete all the roles except the Storage Administrator,
reassign resource groups to the user group because All Resource Groups Assigned is
automatically set to No. To assign resource groups to the user group, see
groups assigned to a user group” (page 66)
Roles
The following table shows all the roles that are available for use and the permissions that each
role provides to the users. You cannot create a custom role.
54
Setting up and managing user accounts