EMC Symmetrix DMX-3 Product Guide
Data Integrity, Availability, and Protection
For additional granularity, user-based authorization provides a tool
for restricting management operations to individual users.
User-based authorization and Access Control’s host-based
authorization are independent utilities that can be used either
individually or, for enhanced security, in tandem. User
authorization is managed using SMC or the SYMCLI symauth
command.
With User Authorization, a username can be mapped to a specific
role, which defines the operations that user is permitted to perform
on the Symmetrix array. User Authorization is configured
independently for each Symmetrix array. A Role is a predefined set
of permissions, or access types, that determines what operations a user
can perform. Unlike host-based access control, a user is assigned a
particular Role for the entire Symmetrix array rather than for
individual logical devices or classes of devices. Roles are predefined
in Solutions Enabler and cannot be modified.
For each Symmetrix array, a given user can be assigned only a single
role, which is one of the following:
◆ None — No actions authorized.
◆ Monitor — Able to perform read-only (passive) operations on a
Symmetrix array, excluding the ability to read the audit log or
Access Control definitions.
◆ Storage Admin — Able to perform all management operations on
a Symmetrix array and modify GNS group definitions in addition
to all Monitor operations.
◆ Admin — Able to perform all operations on a Symmetrix array,
including security and Monitor operations.
◆ Security Admin — Able to perform security operations
(symaudit, symacl, symauth) on a Symmetrix array in addition to
all Monitor operations.
◆ Auditor — Grants the ability to view, but not modify, security
settings for a Symmetrix array (including reading the Symmetrix
Audit Log, symacl list and symauth) in addition to all Monitor
operations. This is the minimum role required to view the
Symmetrix Audit Log.
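
The following added example (not from the product guide or Solutions Enabler) models the role list above to pick the least-privileged role that covers a user's needs on each array and to flag current assignments that grant more than needed. The capability names, array IDs and user names are hypothetical, and it assumes that Security Admin and Admin can also view security settings, since Auditor is described as the minimum role for that.

```python
# Capability sets per role, following the role list above. Capability names are
# labels invented for this example, not Solutions Enabler identifiers.
MONITOR = {"monitor"}
SECURITY = {"view_security", "modify_security"}  # assumption: modify implies view
STORAGE = {"manage_storage", "modify_gns"}
ROLES = {
    "None": set(),
    "Monitor": MONITOR,
    "Auditor": MONITOR | {"view_security"},
    "Security Admin": MONITOR | SECURITY,
    "Storage Admin": MONITOR | STORAGE,
    "Admin": MONITOR | SECURITY | STORAGE,
}

def least_privilege_role(needed):
    """Return the role that covers `needed` while granting the fewest capabilities."""
    needed = set(needed)
    unknown = needed - ROLES["Admin"]
    if unknown:
        raise ValueError(f"unknown capabilities: {sorted(unknown)}")
    candidates = [role for role, caps in ROLES.items() if needed <= caps]
    return min(candidates, key=lambda role: len(ROLES[role]))

def plan_assignments(requests):
    """requests: (array_id, user, capability) tuples -> {(array_id, user): role}.
    A user holds a single role per array, so needs are merged per (array, user)."""
    merged = {}
    for array_id, user, cap in requests:
        merged.setdefault((array_id, user), set()).add(cap)
    return {key: least_privilege_role(caps) for key, caps in merged.items()}

def over_privileged(current, requests):
    """Return (key, current_role, sufficient_role) where the current role is a
    strict superset of the role that would satisfy the stated needs."""
    plan = plan_assignments(requests)
    return sorted((key, current[key], plan[key]) for key in current
                  if key in plan and ROLES[plan[key]] < ROLES[current[key]])

# Constructed sample data: array IDs and user names are placeholders.
REQUESTS = [
    ("array-A", "alice", "view_security"),   # only reads the audit log
    ("array-A", "bob", "manage_storage"),
    ("array-A", "bob", "modify_security"),   # storage + security needs Admin
    ("array-B", "bob", "monitor"),
]
CURRENT = {("array-A", "alice"): "Security Admin",
           ("array-A", "bob"): "Admin",
           ("array-B", "bob"): "Storage Admin"}

if __name__ == "__main__":
    for finding in over_privileged(CURRENT, REQUESTS):
        print(finding)
```

Because a role applies to the whole array, a user who needs both storage management and security operations on one array can only be given Admin; separating those duties requires separate user accounts.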