Viewing access rights, Changing the default identity – SANRAD I3.1.1205 User Manual

7-14

SANRAD V-Switch CLI User Manual

Viewing Access Rights

After creating a target, use the CLI command acl show to view the target’s
automatically connected default identity.

acl show

Table 7-3:

Default Identity Target Access

Target Position

Identity

Access

finance 0

DEF_ALL read-write

musicbox 0

DEF_ALL

not

accessible

musicbox 1

musicdept read-write

Changing the Default Identity

If you are working in

a V-Switch cluster,

the default access

rights must be

disabled on both V-

Switches.

In the event of a

failover, if the default

access rights are not

modified on both V-

Switches, all volumes

attached to the target

will be read-write

accessible to all

iSCSI initiators.

When a target is created, a default access control identity is automatically
assigned to its position 0. The default identity allows all hosts read-write
access to the target and its underlying volume(s).

If you want to specify other access rights, you must change the general
read-write access. Use the CLI command acl set to modify a target’s
access rights and identity position.

If you add or modify identities on a target after its volumes have been
exposed, the access rights will take effect only at the next login for each
iSCSI initiator. Therefore, it is recommended to modify the default access
rights for a target first before creating new identities to insure that it will
not inadvertently be exposed to all iSCSI initiators in the beginning.

acl set