beautypg.com

Controlling user role – HP XP RAID Manager Software User Manual

Page 52

The user authentication function accepts a login command from the client (server). To authenticate
the user ID and password sent from RAID Manager against the same types of information maintained
by the storage system, it issues an authentication request to the authentication module (SVP).

If the user ID and password sent from RAID Manager are authenticated, RAID Manager stores the
user ID and password for the authenticated user (the user on the client starting up RAID Manager).
This removes the need to enter the user ID and password each time a command is executed. If the
user logs out, the user ID and password stored by RAID Manager are deleted.

If the user ID and password are different, the command is rejected, RAID Manager automatically
performs logout processing for that user, and user authentication (user ID and password input)
is required again.

NOTE:

The only function that can be used if the user authentication function is disabled is the
Replication function (replication command). If the user authentication function is disabled, the
Provisioning function (configuration setting command) cannot be used.

If specific user information or authority information is changed, delete the user ID and password
maintained by the storage system from the SVP, and then perform the user authentication
processing on RAID Manager again.

If communication with the SVP by the out-of-band method cannot be performed, new
authentication cannot be performed.

Command operation authority and user authentication

If RAID Manager is operated with the user authentication function enabled, commands are executed
in compliance with the operation authority managed by Remote Web Console and the SVP.

Controlling User Role

RAID Manager verifies whether the user executing the command on the host has already been
authenticated by checking whether the command device is in authentication mode. RAID Manager
then obtains the execution authority of the command that is configured on the user role and
compares the relevant command with that execution authority.

Checking the execution authority

If the authenticated configuration commands are compared with the execution authorities of
commands configured on the user role and they do not correspond, RAID Manager rejects the
command with the error code "EX_EPPERM".

Normally, the user role needs to be a consistent and integrated authority across the large storage
systems. For HORCM instances that are configured with multiple large storage systems, the
execution authorities are obtained by the serial number of each storage system. If the user role
spans multiple storage systems and is not consistent among them, RAID Manager builds the
integrated authority by performing a logical AND of the execution authorities among the
storage systems.

The target commands

RAID Manager checks execution authorities on the following commands that use command devices.

horctakeover, horctakeoff

paircreate, pairsplit, pairresync

raidvchkset
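
The role check described in the two sections above, modeled as an added example (not HP's code and not taken from the manual). The authority labels, the command-to-authority mapping, the serial-number keys and the "NOT_CHECKED" result are assumptions made for illustration; only the command names, the logical AND and the "EX_EPPERM" error code come from this page.

```python
# Commands this page lists as subject to the execution-authority check.
TARGET_COMMANDS = frozenset({
    "horctakeover", "horctakeoff",
    "paircreate", "pairsplit", "pairresync",
    "raidvchkset",
})

# Assumption: hypothetical authority labels and mapping; the page does not
# name the real execution authorities behind each command.
REQUIRED_AUTHORITY = {
    "horctakeover": "pair_ops", "horctakeoff": "pair_ops",
    "paircreate": "pair_ops", "pairsplit": "pair_ops",
    "pairresync": "pair_ops", "raidvchkset": "volume_guard",
}


def integrated_authority(authority_by_serial):
    """Logical AND (set intersection) of the role's execution authorities
    across every storage system of the HORCM instance, keyed by serial."""
    sets = [frozenset(a) for a in authority_by_serial.values()]
    if not sets:
        return frozenset()  # nothing reported: grant nothing (fail closed)
    return frozenset.intersection(*sets)


def inconsistent_authorities(authority_by_serial):
    """Authorities held on some systems but not all. The AND drops these,
    so a non-empty result points at role drift between storage systems."""
    sets = [frozenset(a) for a in authority_by_serial.values()]
    return frozenset().union(*sets) - integrated_authority(authority_by_serial)


def check_command(command, authority_by_serial):
    """Decision for a user who is already authenticated on the command device."""
    if command not in TARGET_COMMANDS:
        return "NOT_CHECKED"  # not on this page's list of checked commands
    if REQUIRED_AUTHORITY[command] in integrated_authority(authority_by_serial):
        return "OK"
    return "EX_EPPERM"


# Constructed sample: one role seen from two storage systems (placeholder serials).
ROLE = {
    "SERIAL-A": {"pair_ops", "volume_guard"},
    "SERIAL-B": {"pair_ops"},
}

if __name__ == "__main__":
    for cmd in ("paircreate", "raidvchkset"):
        print(cmd, check_command(cmd, ROLE))
    print("dropped by AND:", sorted(inconsistent_authorities(ROLE)))
```

Because the integrated authority is an intersection, granting an authority on only one storage system never widens what the user can run on the instance; it shows up only in the drift report.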

RAID Manager functions on P9500
