Catalog access rights, Entity access rights – HP Matrix Operating Environment Software User Manual
Page 24
At the catalog level, every request made to the SPM service is classified as being a specific type of
operation. See “
Table 1 Catalog access rights
Description
Access right
Grants a user or group general permission to make inquires about the entities
in the catalog. This access right is required to log into the SPM interface.
Catalog View
Grants a user or group general permission to make requests that add, remove,
or change entities in the catalog.
Catalog Modify
Grants a user or group permission to modify the catalog access control list,
including the owner. Grant this right only to users or groups that are considered
administrators, since anyone that can change the catalog owner can give
themselves unlimited access to SPM service.
Catalog Modify Secur-
ity
Grants a user or group permission to make requests that perform diagnostics
on the service. Grant this right only to administrators, and to HP support staff
when necessary.
Catalog Run Dia-
gnostics
The access control list (ACL) is the list of access rights granted to users or groups for either the catalog
or an entity. The owner of the catalog ACL has all access rights at both the catalog and entity level;
therefore, it has unlimited access in the system. Initially, the catalog owner is set to the local
Administrators group of the server running the SPM service. That is, only members of the local
Administrators group are able to log into SPM until more users and groups are granted catalog access.
At the entity level, every request involves reading or modifying entities. If the request access check at
the catalog level is successful, access checks against any involved entities are then performed. To
submit storage requests, the Insight Dynamics user requires Catalog Modify capabilities. The access
check against the user entity must find the appropriate capabilities to fulfill the request. Not all of the
entity access rights pertain to all entity types. See “
Table 2 Entity access rights
Description
Access right
Grants a user or group permission to view (read) properties of the associated
entity
Entity View
Grants a user or group permission to change the properties of the associated
entity
Entity Modify
Grants a user or group permission to modify the access control list of the asso-
ciated entity, including the owner
Entity Modify Secur-
ity
Grants a user or group permission to refresh information presented to SPM
from the resource
Resource Refresh
Grants a user or group permission to import volumes from an array.
Array Import Volumes
Grants a user or group permission to fulfill (bind) the associated service entity
(volume) with any volume goal
Service Bind
Grants a user or group permission to have SPM automate the changes to the
presentation of the associated volume when a referencing goal is updated
Volume Modify
Presentation
The entity ACL owner is given Entity View and Entity Modify Security access rights for
that entity. The default entity ACL owner is the requester that created the entity.
Configuring the storage catalog
24