Data Protection (Replication) tasks are often performed by third-party personnel. In the earlier releases, a user needed storage administrator-level privileges to perform data protection tasks; however, allowing third-party personnel this level of access could pose a security threat. To solve this problem, VNX systems have three Data Protection roles:
NOTE: None of these roles allows the user to create new data protection objects such as snapshots, clones, SAN Copy sessions, or mirrors. The user can control only existing data protection objects. Users can view the domain for objects that they cannot control; this allows them to have a fuller understanding of their environment.
Local Data Protection - Has privileges only to do SnapView (snapshots and clones) and Snapsure (Checkpoints) tasks; however, data recovery operations like rollback a snapshot or reverse synchronize a clone are not allowed. Also, this role does not have privilege to create new storage objects.
Data Protection - Includes all local data protection privileges, MirrorView, and SAN Copy tasks; however, data recovery tasks such as promoting a secondary and fracturing a mirror are not allowed. Also, this role does not have privilege to create new storage objects.
Data Recovery - Includes all local data protection and data-protection role privileges and the ability to do data recovery tasks; however, this role does not have privilege to create new storage objects.
Capabilities of data protection roles lists the data protection tasks and which roles have privilege to perform those tasks.
VNX for File CLI role-based access provides detailed information about how role-based access is used to determine which of the VNX for file CLI commands (task) a particular user can execute.
Table 1. Capabilities of data protection roles
Task
Local data protection
Data protection
Data recovery
Snapview
Start a (consistent) snap session
Yes
Yes
Yes
Stop a (consistent) snap session
Yes
Yes
Yes
Activate a session to a snapshot LUN
Yes
Yes
Yes
Deactivate a session from a snapshot LUN
Yes
Yes
Yes
Synchronize a clone
Yes
Yes
Yes
Fracture a clone
Yes
Yes
Yes
Roll back a snap session
No
No
Yes
Reverse synchronize a clone
No
No
Yes
Mirrorview
Synchronize a mirror / consistency group
No
Yes
Yes
Fracture a mirror / consistency group
No
No
Yes
Control the update parameters of an asynchronous mirror
No
Yes
Yes
Modify the update frequency of an asynchronous mirror
No
Yes
Yes
Throttle a mirror / consistency group
No
Yes
Yes
Promote a synchronous or asynchronous secondary mirror / consistency group
No
No
Yes
SAN Copy
Start a session
No
Yes
Yes
Stop a session
No
Yes
Yes
Pause a session
No
Yes
Yes
Resume a session
No
Yes
Yes
Mark a session
No
Yes
Yes
Unmark a session
No
Yes
Yes
Verify a session
No
Yes
Yes
Throttle a session
No
Yes
Yes
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\