HP 3PAR StoreServ 7450 4-node HP 3PAR StoreServ Storage Concepts Guide (OS 3.1 - Page 25

Domain Type, Users and Domain Rights, Object and Domain Association Rules



Domain Type

The first tier of access control is the domain to which a subset of a system’s objects belong. The objects can be assigned to a specific domain, or have no domain association.

• The no domain contains objects that do not belong to any specified domains. For example, objects in an existing system that did not previously use domains do not belong to any domains.
• Specified domains are created by the domain administrator and contain objects specific to that domain. Only users with rights over that domain can work with those objects. For example, User A in Domain A can access objects in Domain A, but not in Domain B. Multiple specified domains can be created. Users with the Super role can browse and edit objects in all domains.

Users and Domain Rights

By default, users with the Super role have rights over the entire system. Only these users and users belonging to the Edit user role in the all domain can create and edit CPGs, hosts, Remote Copy groups, and assign CPGs and hosts to specified domains. Additionally, these users have access to all domains and their objects.

When setting up domains and users in the system, some users may require access to multiple domains with different user rights. Virtual domains allow users access to more than one domain and a single user can be assigned different user roles in each domain.

NOTE: A user having rights over multiple domains cannot perform intra-domain operations between objects in different domains. Users can have access to a maximum of 32 domains.

Object and Domain Association Rules

Domains contain basic objects such as CPGs, hosts, and Remote Copy groups, and derived objects such as VVs, LDs, and VLUNs. Objects and their associations with domains must adhere to the following rules:

• Objects derived from a CPG inherit the domain of that CPG.
• VVs can only be exported to hosts belonging to the VVs’ domain.
• A VLUN inherits the domain of the VV and host from which the VLUN was exported.
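
A small model of the access and association rules above, added here as an illustration and not taken from the HP guide or the 3PAR software. It assumes a per-user role map, the role names "super", "edit" and "browse", and that objects in no domain are reachable only with system-wide rights; all object names are constructed.

```python
from dataclasses import dataclass, field

MAX_DOMAINS = 32   # per-user limit from the NOTE above
ALL = "all"        # the "all" domain named on this page
NO_DOMAIN = None   # constructed marker for objects with no domain association

@dataclass
class User:
    name: str
    # domain name -> role ("super", "edit" or "browse"); this layout is an assumption
    roles: dict = field(default_factory=dict)

def within_domain_limit(user):
    """True if the user's specified-domain count respects the 32-domain limit."""
    return len([d for d in user.roles if d != ALL]) <= MAX_DOMAINS

def can_access(user, obj_domain, action):
    """Decide whether `user` may "browse" or "edit" an object in `obj_domain`."""
    if user.roles.get(ALL) in ("super", "edit"):
        return True                      # system-wide rights cover every domain
    if obj_domain is NO_DOMAIN:
        return False                     # assumption: needs system-wide rights
    role = user.roles.get(obj_domain)
    if role is None:
        return False                     # no rights over that domain at all
    return action == "browse" or role == "edit"

def export_vv(vv_cpg, host, cpg_domains, host_domains):
    """Apply the three association rules and return the resulting VLUN's domain."""
    vv_domain = cpg_domains[vv_cpg]      # rule 1: VV inherits its CPG's domain
    if host_domains[host] != vv_domain:  # rule 2: export only inside the VV's domain
        raise PermissionError(f"host {host!r} is outside domain {vv_domain!r}")
    return vv_domain                     # rule 3: VLUN inherits the shared domain

# Constructed sample inventory (not from the guide).
CPG_DOMAINS = {"cpg_fin": "A", "cpg_eng": "B"}
HOST_DOMAINS = {"host_fin01": "A", "host_eng01": "B"}
ALICE = User("alice", {"A": "edit", "B": "browse"})

if __name__ == "__main__":
    print(can_access(ALICE, "A", "edit"), can_access(ALICE, "B", "edit"))
    print(export_vv("cpg_fin", "host_fin01", CPG_DOMAINS, HOST_DOMAINS))
```

The cross-domain export is refused regardless of who requests it, which mirrors the NOTE: rights over both domains do not permit an operation between objects in different domains.
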

The Default and Current Domains

When a user is initially created, the user is able to access objects in all assigned domains. The user can browse or edit objects depending on the user’s assigned user role. For example, an Edit user assigned to Domains A and B can view and work on objects in both Domains A and B. However, if it is apparent that a specific domain will receive the majority of attention from a user, virtual domains provide the ability for administrators to set a default domain for that user.