Controlling access to resources, About access control – HP XP Command View Advanced Edition Software User Manual

Page 126


The Command View AE Suite server must be linked to an external authentication (authorization)
server. See the HP P9000 Command View Advanced Edition Suite Software Administrator Guide.

The Command View AE Suite server must be configured to support group authentication, which
activates the Groups folder in the GUI.

The Command View AE Suite user group must exist on the external authentication (authorization)
server. It is recommended that domain and group information, as required below, be acquired
from the external authentication server administrator.

1. From the Administration tab, select Users and Permissions.

2. Click the Groups folder to display the Domain List. This is a list of external authentication servers listed by domain name, and host name or IP address. If the Groups folder is not displayed, see the prerequisites above.

3. Select the desired Domain Name to display the Group List, which may be empty ('No Groups' is displayed). Click Add Groups.

4. Enter the Distinguished Name for the group. Use Check DN to verify a correct DN entry. Click Ok to save your group and re-display the Group List. Note that the Group Name is derived from the entered DN. To specify multiple groups, note that:
• You can add multiple DNs at the same time using the "+" button
• If multiple DNs are listed, you can remove an entry with the "-" button
• Reset clears all DN entries

5. From the Group List, click the Group Name link, then click Change Permission and set the Command View AE Suite permissions for the group (repeat this for each new group).

6. Your groups will now be visible from the Administration tab, User Groups. You can affiliate the groups with resource groups and roles, just like Command View AE Suite user groups. If you delete external authentication groups from Users and Permissions at a later time, the groups are also removed from the User Groups list.

On the next login attempt by each group member, the user's login credentials (User ID and Password)
will be validated using the external authentication (authorization) server.

TIP:

To delete registered authorization groups, select the check boxes of the groups to be deleted, and
then click Delete Groups.

Controlling access to resources

This module describes how to control access to resources.

About access control

When storage administrators manage a SAN environment, Device Manager and Tiered Storage Manager
(GUI) manage resources through resource groups and user groups. This allows secure data
handling in multi-tenant environments and more efficient operations. Access control can be used for
data center hosting services and for managing departments in a company.

A resource group is a group of similar storage system resources (storage systems, storage ports, LDEV
IDs, parity groups, etc.).

A user group is a group of users with the same permissions and range of access. Externally
authenticated groups can also be used as user groups. When assigning resource groups and roles

Setting up HP StorageWorks P9000 Command View Advanced Edition Suite
