beautypg.com

Precautions when working with user groups, Roles, Precautions when working with user groups roles – HP XP7 Storage User Manual

Page 54: User registering example

background image

For details about resource groups, see the HP XP7 Provisioning for Open Systems User Guide.

User registering example

The setting operations that affect the security of the whole system must be done by the
administrator.

The setting operations on the resource group 10 must be done by user A.

The setting operations on the resource group 20 must be done by user B.

To implement the above configuration, assign the users to the user groups as shown below.

Table 7 User registration example

Resource group to be assigned
to user group

Roles to be assigned to the user group

User group to be
registered

User

All Resource Groups Assigned

1

Security Administrator (View & Modify)

user group 1

Administrator

Resource group 10

Storage Administrator

2

user group 10

User A

Resource group 20

Storage Administrator

2

user group 20

User B

Notes:

1.

For the user group that is assigned the Security Administrator role, All Resource Groups Assigned is automatically
set to Yes.

2.

There are a few types of storage administrators. See

Table 8 (page 55)

for more information.

Precautions when working with user groups

Before creating or manipulating user groups, read and understand the following precautions.

When a user is assigned to multiple user groups, the user has the permissions of all the roles
in each user group that are enabled on the resource groups assigned to each user group.

If a user has All Resource Groups Assigned set to Yes, the user can access all the resources
in the storage system. For example, if a user is a security administrator and a storage
administrator taking care of some resources, have all resource groups assigned, and has roles
of Security Administrator (View & Modify) and Storage Administrator (View & Modify), the
user can edit the storage for all the resources.

If this is a problem, the recommended solution is to register the following two user accounts
in the HP XP7 Storage system and use these different accounts for different purposes

A security administrator user account that has All Resource Groups Assigned set to Yes.

A storage administrator user account that does not have all resource groups assigned
and has only some of the resource groups assigned.

For the user groups whose roles are other than the Storage Administrator, All Resource Groups
Assigned is automatically set to Yes. If you delete all the roles except the Storage Administrator,
reassign resource groups to the user group because All Resource Groups Assigned is
automatically set to No. To assign resource groups to the user group, see

“Changing resource

groups assigned to a user group” (page 66)

.

Roles

The following table shows all the roles that are available for use and the permissions that each
role provides to the users. You cannot create a custom role.

54

Setting up and managing user accounts

This manual is related to the following products:
See also other documents in the category HP Storage: