Controlling user role – HP XP7 Storage User Manual
Page 56
To enable the user authentication function, the user authentication mode of the command device
accessed by RAID Manager must be enabled.
The user authentication function inputs a login command from the client (server) and, to authenticate
the user ID and password sent from RAID Manager and the same types of information maintained
by the storage system, issues an authentication request to the authentication module (SVP).
If the user ID and password sent from RAID Manager are authenticated, RAID Manager, for the
once authenticated user (the user on the client starting up RAID Manager), stores the user ID and
password. This saves the necessity of inputting the user ID and password each time a command
is executed. If the user logs out, the user ID and password stored by RAID Manager are deleted.
If the user ID and password are different, the command is rejected and RAID Manager automatically
performs the logout processing for it, and requires the user authentication processing (user ID and
password input) again.
If you fail to perform user authentication using user ID and password sent from RAID Manager,
RAID Manager automatically perform logging out after the command is rejected by the command
device. In this case, the user authentication (user ID and password input) is required again.
NOTE:
•
The only function that can be used if the user authentication function is disabled is the
Replication function (replication command). If the user authentication function is disabled, the
Provisioning function (configuration setting command) cannot be used.
•
If specific user information or authority information is changed, delete the user ID and password
maintained by the storage system from the SVP. Therefore, perform the user authentication
processing on RAID Manager again.
•
If the communication with the SVP in the out-band method cannot be performed, the new
authentication cannot be performed.
Command operation authority and user authentication
When RAID Manager is used with the user authentication function enabled, commands are executed
complying with the operation authority managed by Remote Web Console and the SVP.
Controlling User Role
RAID Manager verifies whether or not the user executing the command on the host was already
authenticated by checking the command device being in the authentication mode. After that, RAID
Manager obtains the execution authority of the command that is configured on the user role, and
then compares the relevant command and the execution authority.
Checking the execution authority
If the configuring commands authenticated are compared with the execution authorities of commands
configured on the user role and they do not correspond, RAID Manager rejects the command with
an error code "EX_EPPERM".
Normally, the user role needs to be the consistent and integrated authority among the large storage
systems. In case of HORCM instances that are configured by the multiple large storage systems,
the execution authorities are obtained by the serial number of the storage systems. If the user role
is for the multiple storage systems and is not consistent among these storage systems, RAID Manager
makes the integrated authority by performing the logical AND of the execution authorities among
the storage systems.
56
RAID Manager functions on the P9500 and XP7 Storage