Once communications are established with
the LDAP service, specific LDAP groups must be given access to Unisphere by
mapping them to Unisphere roles. The LDAP service only performs the
authentication. Once authenticated, the user's authorization is determined by
the assigned Unisphere role. The most flexible configuration is to create LDAP
groups that correspond to Unisphere roles. This allows you to control access to
Unisphere by managing the members of the LDAP groups.
NOTE:LDAP user level role mapping that is related to
storage processors (SPs) and Unisphere roles can be configured by using the VNX
for block CLI. See the
VNX Command Line Interface (CLI) Reference
for Block for more information.
For example, assume that there is an LDAP group
called "Storage Admins" of which Bob and Sarah are members. Another LDAP group
exists called "Storage Monitors" of which Mike and Cathy are members. The
"Storage Admins" group can be mapped to the Unisphere Administrator role,
giving Bob and Sarah full control of the storage systems. The "Storage
Monitors" group can be mapped to the Unisphere Operator role, giving Mike and
Cathy read-only access to the storage systems. If six months later Mike becomes
a more trusted administrator, he can be given full access to the storage
systems (Administrator role) simply by adding him to the "Storage Admins" LDAP
group.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\