HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 6
HP 3PAR Policy Server Connections, PendingRequests
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 6 highlights
available: View and Add/Edit. For the Audit Log component, only the View privilege is available. For the Remote (Sessions) component, the two privileges are View and End. View provides read-only access to the pages of a component, while Add/Edit provides read, write, and delete access to the pages and features of the component. For remote sessions, the End privilege allows the user to end a remote session. For example, Add/Edit for the Pending Requests component allows users to approve or deny pending requests, while, for the Users component, it allows users to create, edit, and delete profiles, roles, and users. The set of privileges is defined in the system and cannot be changed. • Profiles - From the Users component of the Policy Server application, you can define a set of privileges to one or more components. This set of privileges is referred to as a profile. You may want to create a profile for each main component (Policy, Pending Requests, Audit Log, Assets, Users, and Remote [Sessions]). Alternatively, you may want to create profiles that apply to the jobs that certain users perform. For example, you want to create profiles for users who manage Pending Requests and users who need to monitor the Audit Log. In a profile called PendingRequests, you select View and Add/Edit for the Pending Requests component. In another profile called AuditLog, you provide View access to the Audit Log component. In a third profile called PolicyView, you provide View access only to the Policy component. • Roles - Once you have defined profiles, you can combine them into sets, called roles. You can then assign roles to each user or assign users to each role. To continue the example from the Profiles, you create a role called RequestManager and assign it the PendingRequests and PolicyView profiles. You then assign the user whose job it is to handle incoming requests to the role. That user will be able to approve and deny pending requests, and as needed, view the policies for the assets. • Users - Created either in the Users component of the Policy Server application or in your directory server, Users are the login accounts that you create for people who need access to Policy Server. Once you have defined roles and assigned profiles to them, you can assign users to the roles. Similarly, when creating or editing users, you can assign one or more roles to them. When the user logs in, the Policy Server authenticates the User Name and Password with the directory server and then makes available the features defined by the roles assigned to the user. If a user has no roles assigned, a message is displayed that the user has no privileges and the user is logged out. If a user has more than one role assigned and a profile for one of those roles is deleted, that role becomes inactive. The next time that user logs in, only the features that are defined by the role that has not changed are available. For example, a user has one role that provides View and Add/Edit to the Assets component (through one profile) and a second role that provides the same access to the Policy and Pending Requests components through two separate profiles. If you remove the profile for the Policy component, the second role becomes inactive. The next time the user logs in, only the Dashboard and the Assets component are available. The removal of the Policy profile makes both the Policy and Pending Requests components unavailable because both profiles (Policy and Pending Request) are assigned to the same role. HP 3PAR Policy Server Connections Within an organization, a single HP 3PAR Policy Server can be configured to manage some or all Agent assets. For very large organizations or organizations that are geographically widespread, multiple Policy Servers can be configured to handle multiple sets of assets uniquely. For example, an organization might use multiple Policy Servers to handle assets located in departments that have different administration and security needs. All Policy Server settings except proxy server communications are configured in Agent Builder as part of an Agent's project configuration. You must use Agent Deployment Utility to configure proxy servers. The following figure shows an example of a single Policy Server connected to some assets at a customer site for policy management. 6 HP 3PAR Policy Server and the HSQL Database