The target commands
RAID Manager checks execution authorities on the following commands that use command devices.
• horctakeover, horctakeoff
• paircreate, pairsplit, pairresync
• raidvchkset
Controlling user resources
RAID Manager verifies the user who executes the command has been authenticated already. After
that, RAID Manager obtains the access authority of the resource groups that are configured on the
user roles, and then compares the access authority of the user and the specified resources.
Checking resource authorities
If the access is not permitted by comparing the access authorities of the resource groups configured
on the user roles and the specified resource, RAID Manager rejects the command with an error
code "EX_EGPERM". If the resource groups are defined among the large storage systems, the
specified resource is compared with the resource specified by obtaining the access authority
configured to each large storage system.
Target commands
RAID Manager checks resource authorities on the following commands that use command devices.
• raidcom commands (commands for setting configurations)
• horctakeover, horctakeoff, paircurchk, paircreate, pairsplit, pairresync, pairvolchk, pairevtwait,
pairsyncwait, pairmon
• raidscan (-find verify, -find inst, -find sync except for [d]), pairdisplay, raidar, raidqry (except
for -l and -r)
• raidvchkset, raidvchkscan (except for -v jnl), raidvchkdsp
Relation between user authentication and resource groups
In user authentication mode, RAID Manager verifies the access authority of the relevant resource
based on the user authentication and the role of it. Also, on the user authentication unnecessary
mode and the undefined resource groups, RAID Manager checks the access authorities shown in
the following table.
Table 14 Relations between resource groups and command devices
CommandsResources
raidcompairXX
1
Authenticated userNot authenticated user
2
Authenticated userNot authenticated user
2
Permitted by the
authority of resource ID
0
EX_EPPERM
4
Permitted by the
authority of resource
ID 0
PermittedUndefined
resource
3
Permitted by the
authority of the relevant
resource ID
EX_EGPERM
4
EX_EPPERM
Permitted by the
authority of the
relevant resource ID
EX_EGPERM
4
Defined resource
Notes:
1. Above-described commands except for the raidcom command
2. User who uses the mode without the command authentication
3. Undefined as the resource group
4. Command execution is rejected by the relevant error
Command operation authority and user authentication 57
Commentaires sur ces manuels