Controlling user resources, The target commands, Checking resource authorities – HP XP7 Storage User Manual
Page 57: Target commands
The target commands
RAID Manager checks execution authorities on the following commands that use command devices.
•
horctakeover, horctakeoff
•
paircreate, pairsplit, pairresync
•
raidvchkset
Controlling user resources
RAID Manager verifies the user who executes the command has been authenticated already. After
that, RAID Manager obtains the access authority of the resource groups that are configured on the
user roles, and then compares the access authority of the user and the specified resources.
Checking resource authorities
If the access is not permitted by comparing the access authorities of the resource groups configured
on the user roles and the specified resource, RAID Manager rejects the command with an error
code "EX_EGPERM". If the resource groups are defined among the large storage systems, the
specified resource is compared with the resource specified by obtaining the access authority
configured to each large storage system.
Target commands
RAID Manager checks resource authorities on the following commands that use command devices.
•
raidcom commands (commands for setting configurations)
•
horctakeover, horctakeoff, paircurchk, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,
pairsyncwait, pairmon
•
raidscan (-find verify, -find inst, -find sync except for [d]), pairdisplay, raidar, raidqry (except
for -l and -r)
•
raidvchkset, raidvchkscan (except for -v jnl), raidvchkdsp
Relation between user authentication and resource groups
In user authentication mode, RAID Manager verifies the access authority of the relevant resource
based on the user authentication and the role of it. Also, on the user authentication unnecessary
mode and the undefined resource groups, RAID Manager checks the access authorities shown in
the following table.
Table 14 Relations between resource groups and command devices
Commands
Resources
raidcom
pairXX
1
Authenticated user
Not authenticated user
2
Authenticated user
Not authenticated user
2
Permitted by the
authority of resource ID
0
EX_EPPERM
4
Permitted by the
authority of resource
ID 0
Permitted
Undefined
resource
3
Permitted by the
authority of the relevant
resource ID
EX_EGPERM
4
EX_EPPERM
Permitted by the
authority of the
relevant resource ID
EX_EGPERM
4
Defined resource
Notes:
1.
Above-described commands except for the raidcom command
2.
User who uses the mode without the command authentication
3.
Undefined as the resource group
4.
Command execution is rejected by the relevant error
Command operation authority and user authentication
57