HP 3PAR StoreServ 7450 4-node HP 3PAR StoreServ Storage Concepts Guide (OS 3.1 - Page 25
Domain Type, Users and Domain Rights, Object and Domain Association Rules
View all HP 3PAR StoreServ 7450 4-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
Domain Type The first tier of access control is the domain to which a subset of a system's objects belong. The objects can be assigned to a specific domain, or have no domain association. • The no domain contains objects that do not belong to any specified domains. For example, objects in an existing system that did not previously use domains do not belong to any domains. • specified domains are created by the domain administrator and contain objects specific to that domain. Only users with rights over that domain can work with those objects. For example, User A in Domain A can access objects in Domain A, but not in Domain B. Multiple specified domains can be created. Users with the Super role can browse and edit objects in all domains. Users and Domain Rights By default, users with the Super role have rights over the entire system. Only these users and users belonging to the Edit user role in the all domain can create and edit CPGs, hosts, Remote Copy groups, and assign CPGs and hosts to specified domains. Additionally, these users have access to all domains and their objects. When setting up domains and users in the system, some users may require access to multiple domains with different user rights. virtual domains allow users access to more than one domain and a single user can be assigned different user roles in each domain. NOTE: A user having rights over multiple domains cannot perform intra-domain operations between objects in different domains. Users can have access to a maximum of 32 domains. Object and Domain Association Rules Domains contain basic objects such as CPGs, hosts, and Remote Copy groups, and derived objects such as VVs, LDs, and VLUNs. Objects and their associations with domains must adhere to the following rules: • Objects derived from a CPG inherit the domain of that CPG. • VVs can only be exported to hosts belonging to the VVs' domain. • A VLUN inherits the domain of the VV and host from which the VLUN was exported. The Default and Current Domains When a user is initially created, the user is able access objects in all assigned domains. The user can browse or edit objects depending on the user's assigned user role. For example, an Edit user assigned to Domains A and B can view and work on objects in both Domains A and B. However, if it is apparent that a specific domain will receive the majority of attention from a user, virtual domains provide the ability for administrators to set a default domain for that user. Users and Domain Rights 25