Controlling user resources, Checking resource authorities, Target commands – HP XP RAID Manager Software User Manual

Controlling user resources

RAID Manager verifies the user who executes the command has been authenticated already. After
that, RAID Manager obtains the access authority of the resource groups that are configured on the
user roles, and then compares the access authority of the relevant user and the specified resources.

Checking resource authorities

If the access is not permitted by comparing the access authorities of the resource groups configured
on the user roles and the specified resource, RAID Manager rejects the command with an error
code "EX_EGPERM". If the resource groups are defined among the large storage systems, the
specified resource is compared with the resource specified by obtaining the access authority
configured to each large storage system.

Target commands

RAID Manager checks resource authorities on the following commands that use command devices.

•

raidcom commands (commands for setting configurations)

•

horctakeover, horctakeoff, paircurchk, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,
pairsyncwait, pairmon

•

raidscan (-find verify, -find inst, -find sync except for [d]), pairdisplay, raidar, raidqry (except
for -l and -r)

•

raidvchkset, raidvchkscan (except for -v jnl), raidvchkdsp

The relationship between the user authentication and the resource groups

In user authentication mode, RAID Manager verifies the access authority of the relevant resource
based on the user authentication and the role of it. Also, on the user authentication unnecessary
mode and the undefined resource groups, RAID Manager checks the access authorities shown in
the following table.

Table 12 The relationship between the resource groups and the command devices

Commands

Resource Groups

raidcom

pairXX*1

Authenticated user

Not authenticated
user*2

Authenticated user

Not authenticated
user*2

Permitted by the
authority of resource
ID 0

EX_EPPERM

*4

Permitted by the
authority of resource
ID 0

Permitted

Undefined resource
group

*3

Permitted by the
authority of the
relevant resource ID

EX_EGPERM

*4

EX_EPPERM

Permitted by the
authority of the
relevant resource ID

EX_EGPERM

*4

Defined resource
group

*1

: Above-described commands except for the raidcom command

*2

: User who uses the mode without the command authentication

*3

: Undefined as the resource group

*4

: Command execution is rejected by the relevant error

Target resources

The following objects are arbitrarily defined as the resource groups by each user.

•

LDEV

•

Physical port

Command operation authority and user authentication

53