8/12/2019 Access Controls to Sys Objects
EMC VNX Series
Release 8.1
Controlling Access to VNX System Objects
P/N 300-015-106 Rev 01
EMC Corporation
Corporate Headquarters:
Hopkinton, MA 01748-9103
1-508-435-1000
www.EMC.com
Copyright 1998 - 2013 EMC Corporation. All rights reserved.
Published August 2013
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisories section on EMC Powerlink.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
All other trademarks used herein are the property of their respective owners.
Contents
Preface
Chapter 1: Introduction
    System requirements
    User interface
    Related information
Chapter 2: Concepts
    How access control to VNX system objects works
    Administrative user and group access control
    System object access control
    Access control example
Chapter 3: Configuring
    Create entries in an access control level table
    Establish access control levels for objects
    Create an access control level for a Data Mover
    Create an access control level for a volume
    Create an access control level for a file system
    Create an access control level for a storage system
Chapter 4: Managing
    List the access control level information
    Modify an access control level entry
    View the entries in the access control level table
    Delete an access control level entry
Chapter 5: Troubleshooting
    EMC E-Lab Interoperability Navigator
    VNX user customized documentation
    Error messages
    EMC Training and Professional Services
Glossary
Index
Preface
As part of an effort to improve and enhance the performance and capabilities of its product lines, EMC periodically releases revisions of its hardware and software. Therefore, some functions described in this document may not be supported by all versions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your product release notes.
If a product does not function properly or does not function as described in this document, please contact your EMC representative.
Special notice conventions
EMC uses the following conventions for special notices:
Note: Emphasizes content that is of exceptional importance or interest but does not relate to personal injury or business/data loss.
Identifies content that warns of potential business or data loss.
Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.
Indicates a hazardous situation which, if not avoided, could result in death or serious injury.
Indicates a hazardous situation which, if not avoided, will result in death or serious injury.
Where to get help
EMC support, product, and licensing information can be obtained as follows:
Product information: For documentation, release notes, software updates, or for information about EMC products, licensing, and service, go to EMC Online Support (registration required) at http://Support.EMC.com.
Troubleshooting: Go to EMC Online Support at http://Support.EMC.com. After logging in, locate the applicable Support by Product page.
Technical support: For technical support and service requests, go to EMC Customer Service on EMC Online Support at http://Support.EMC.com. After logging in, locate the applicable Support by Product page, and choose either Live Chat or Create a service request. To open a service request through EMC Online Support, you must have a valid support agreement. Contact your EMC sales representative for details about obtaining a valid support agreement or with questions about your account.
Note: Do not request a specific support representative unless one has already been assigned to your particular system problem.
Your comments
Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications.
Please send your opinion of this document to:
Chapter 1: Introduction
This technical module describes how to use access control to define administrative user access to EMC VNX system objects. This technical module is part of the VNX information set and is intended for use by the VNX administrator responsible for administrative user access.
Note: The access control functionality described in this technical module is only relevant for administrative user access control of Data Mover, volume, file system, and storage system objects. This type of access control is separate from Windows ACLs. Configuring and Managing CIFS on VNX describes how to manage Windows ACLs; Configuring NFS on VNX describes how to manage ACLs in an NFSv4 environment.
Topics included are:
System requirements
User interface
Related information
System requirements
Table 1 describes the EMC VNX software, hardware, network, and storage configurations required for using access control levels as described in this document.
Table 1. System requirements for access control levels
Software  VNX version 8.1
Hardware  No specific hardware requirements
Network   No specific network requirements
Storage   No specific storage requirements
User interface
This document describes how to configure access control levels by using the command line interface (CLI). You cannot use other VNX management applications to configure access control levels.
You can use Unisphere software to configure role-based administrative access. This feature allows you to assign appropriate roles to different administrative users based on their responsibilities. A role defines the privileges (or rights to perform specific operations) assigned to an administrative user. These privileges work with the access control levels described in this document. Therefore, when using Unisphere software, an administrative user must have both the privilege to perform an operation and sufficient access rights to the object for an operation to be allowed.
Note: Unisphere software only displays the system objects accessible by the current user. If you use the CLI to change a user's or object's access control settings, that change is not reflected in the Unisphere software's display until you refresh the view.
Related information
Specific information related to the features and functionality described in this document is included in:
EMC VNX Command Line Interface Reference for File
Security Configuration Guide for File
VNX for File man pages
VNX Glossary
EMC VNX documentation on EMC Online Support
The complete set of EMC VNX series customer publications is available on EMC Online Support. To search for technical documentation, go to http://Support.EMC.com. After logging in to the website, click Support by Product and type VNX series in the Find a Product text box. Then search for the specific feature required.
VNX wizards
Unisphere software provides wizards for performing setup and configuration tasks. The Unisphere online help provides more details on the wizards.
Chapter 2: Concepts
VNX access control functionality is designed to balance resource access and system security needs. The access control of VNX system objects is defined in two ways:
An access level is assigned to the administrative users and groups accessing VNX system objects.
A specific access level is required by a system object in order for an administrative user to perform certain operations (read, write or modify, and delete) on that object.
You assign an access level to an administrative user or group by creating an access control level entry in the Control Station's access control level table.
Note: An access control level entry is automatically added to the access control level table when you create a new administrative user by using the Unisphere software Administrators feature.
After an administrative user's or group's access level is defined, you assign access level requirements to the objects to which you want to control access. These objects include Data Movers, volumes, file systems, and storage systems.
When an administrative user tries to access a particular object, and that administrative user is not defined as the object's owner, the VNX software verifies the access level assigned to that administrative user against the access level requirement for that operation as defined on the object. The administrative user must be assigned at least the indicated access level to execute the operation.
Topics included are:
How access control to VNX system objects works
Administrative user and group access control
System object access control
Access control example
How access control to VNX system objects works
You manage access control by using:
An access control level table containing the access rights of administrative users and groups to system objects
Access control level entries (single-digit numbers) representing available access control permissions
Access control level values assigned to specific objects
Administrative user and group access control
Administrative user and group access control is defined in the access control level table.
The access control level table resides on the Control Station. Each entry in the access control level table defines the access level allowed for specified administrative users and groups. Table 2 is an example:
Table 2. Access control level table
index  type  level     num_id  name
1      user  admin     201     nasadmin
2      user  operator  211     adminuser1
3      user  admin     212     adminuser2
4      user  observer  213     adminuser3
5      user  admin     214     adminuser4
6      user  operator  215     adminuser5
7      user  observer  216     adminuser6
Note: An administrative user or group account must exist before it can be assigned an entry in the table.
Table 3 describes the columns in the access control level table.
Table 3. Access control level table columns
Value   Indicates
index   A number associated with an entry in the table.
type    Whether the permissions are for an administrative user or group.
level   The permission level associated with the administrative user or group.
num_id  The applicable UID or GID of the administrative user or group.
name    The name associated with the entry.
Level values
The level column in the access control level table defines the access level assigned to an administrative user or group, as shown in Table 4. The admin, operator, and observer levels correspond to the numbers 2, 3, and 4.
Note: These level values are used to define the type of administrative user who can perform read, write, and delete operations.
Table 4. Access control level values
Level             Associated value  Description
admin             2                 Includes the privileges of the operator and observer levels.
operator          3                 Includes the privileges of the observer level and any other customer-defined levels.
observer          4                 Includes the privileges for its own level and any other customer-defined levels.
customer-defined  5-9               These levels may be created by root (by using the nas_acl command), and used as input when establishing access to objects.
Note: root always has access to an object regardless of the access control level entry assigned.
System object access control
System object access control is defined on each object. These objects include Data Movers, volumes, file systems, and storage systems.
Access control format
The access control value associated with a system object consists of up to four fields (owner, read, write, and delete), as shown in Table 5. This value is defined when assigning an access control level to a system object. The value must include all four fields: owner, read, write, and delete.
Table 5. System object access control level format
Owner         Read                              Write                             Delete
Index number  Access control level entry value  Access control level entry value  Access control level entry value
The following rules apply to the use of the read, write, and delete fields:
There must be an entry (a single digit) in the read, write, and delete fields.
The digit in the delete field determines the access level required to issue delete commands to the specified objects.
The digit in the write field determines the access level required to issue write commands to the specified objects.
The digit in the read field determines the access level required to issue read commands to the specified objects.
The following rules apply to the use of the owner field:
A system object must be assigned an owner.
The number used in the owner field must correspond to the index number assigned to an administrative user or group in the access control level table. For example, in Table 6, index number 2 corresponds to the administrative user adminuser1:
Table 6. Access control table
index  type  level     num_id  name
1      user  admin     201     nasadmin
2      user  operator  211     adminuser1
3      user  admin     212     adminuser2
4      user  observer  213     adminuser3
5      user  admin     214     adminuser4
6      user  operator  215     adminuser5
7      user  observer  216     adminuser6
The owner has read, write, and delete access regardless of its access control level.
nasadmin (always index number 1) is treated like any other administrative user.
Access control level scenarios
Table 7 presents some scenarios for access control level usage.
Table 7. Access control level examples
Owner                   Read  Write  Delete  Impact on the object
1                       0     0      0       The owner is nasadmin and access is allowed only for nasadmin.
1                       1     1      1       The owner is nasadmin and access is allowed only for nasadmin.
1                       2     1      1       The owner is nasadmin. Users with an access level of at least admin (level 2) have read access only.
Any owner index number  0     0      0       Index entry with specified number (refer to the access control level table) is the owner. Owner access only.
Any owner index number  1     1      1       Index entry with specified number (refer to the access control level table) is the owner. Owner access only.
Any owner index number  2     1      1       Index entry with specified number (refer to the access control level table) is the owner. Users with an access level of at least admin (level 2) have read access only.
Any owner index number  4     3      2       Index entry with specified number (refer to the access control level table) is the owner. Users with an access level of at least observer (level 4) have read access only. Users with an access level of at least operator (level 3) have read/write access. Users with an access level of at least admin (level 2) have read/write/delete access.
Any owner index number  4     4      4       Index entry with specified number (refer to the access control level table) is the owner. All users with an access level of at least observer (level 4), operator (level 3), and admin (level 2) all have read/write/delete access.
Note: root always has universal access.
Access control example
Table 8 is an example that shows how access control is implemented on a system object, the file system ufs2.
Table 8. Access control list
index  type  level     num_id  name
1      user  admin     201     nasadmin
2      user  operator  211     adminuser1
3      user  admin     212     adminuser2
4      user  observer  213     adminuser3
5      user  admin     214     adminuser4
6      user  operator  215     adminuser5
7      user  observer  216     adminuser6
File system ufs2 has been created with an access control level value of 2444. Table 9 shows what the nas_fs -list command displays.
Table 9. Output of nas_fs -list
id  inuse  type  acl   volume  name  server
19  n      1     2444  249     ufs2
The value in the acl field (2444) should be interpreted as follows:
The owner (indicated by the number 2) is adminuser1.
As the specified owner, adminuser1 has full read, write, and delete access.
The number 4 in the read, write, and delete fields indicates that administrative users with an access level of at least observer have read, write, and delete access. Consequently, nasadmin and adminuser2 through adminuser6 have read, write, and delete access to file system ufs2.
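The evaluation rule described in this chapter can be checked mechanically; the following is an added example, not EMC code, that computes each table entry's effective access to an object and lists non-owner entries below admin level that can still delete it. It assumes the numeric reading of Tables 4 and 7 (a lower number is a stronger level, digits 0 and 1 match no assignable level); the function names are hypothetical, and root's universal access and group membership are not modelled.

```python
"""Added example: evaluate a system object's access control value against
the access control level table, following Tables 4, 5 and 7 of this document."""
from collections import namedtuple

LEVELS = {"admin": 2, "operator": 3, "observer": 4}   # Table 4
OPS = ("read", "write", "delete")                      # field order after owner

# Constructed sample: Table 8 in the column order shown by `nas_acl -list`.
ACL_TABLE_TEXT = """\
index type level    num_id name
1     user admin    201    nasadmin
2     user operator 211    adminuser1
3     user admin    212    adminuser2
4     user observer 213    adminuser3
5     user admin    214    adminuser4
6     user operator 215    adminuser5
7     user observer 216    adminuser6
"""

# kind is "user" or "group"; level is 2-4 (named) or 5-9 (customer-defined).
Entry = namedtuple("Entry", "index kind level num_id name")


def parse_acl_table(text):
    """Parse table rows, skipping the header and blank lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        index, kind, level, num_id, name = parts
        # Assumption: a customer-defined level is listed as its digit (5-9).
        lvl = LEVELS[level] if level in LEVELS else int(level)
        if not 2 <= lvl <= 9:
            raise ValueError(f"level out of range in row: {line!r}")
        entries.append(Entry(int(index), kind, lvl, int(num_id), name))
    return entries


def parse_acl_value(value):
    """Split an object's value into owner index and read/write/delete digits.

    Assumption: the last three digits are read, write and delete, and what
    precedes them is the owner index (one digit in every example shown).
    """
    s = str(value).strip()
    if len(s) < 4 or not s.isdigit():
        raise ValueError(f"not an access control value: {value!r}")
    acl = {"owner": int(s[:-3])}
    acl.update(zip(OPS, (int(c) for c in s[-3:])))
    return acl


def effective_access(entry, acl):
    """Return 'rwd'-style flags for one table entry on one object."""
    if entry.index == acl["owner"]:
        return "rwd"                      # the owner always has full access
    # Digits 0 and 1 match no assignable level (2-9), which is why x000 and
    # x111 both mean "owner only" in Table 7.
    return "".join(
        op[0] if acl[op] >= 2 and entry.level <= acl[op] else "-"
        for op in OPS
    )


def access_report(table_text, acl_value):
    """Map each entry name to its effective access flags on the object."""
    acl = parse_acl_value(acl_value)
    return {e.name: effective_access(e, acl) for e in parse_acl_table(table_text)}


def weak_deleters(table_text, acl_value):
    """Non-owner entries below admin level that can still delete the object."""
    acl = parse_acl_value(acl_value)
    return [
        e.name for e in parse_acl_table(table_text)
        if e.index != acl["owner"]
        and e.level > LEVELS["admin"]
        and "d" in effective_access(e, acl)
    ]


if __name__ == "__main__":
    for value in ("2444", "1432", "3311", "5000"):
        print(value, access_report(ACL_TABLE_TEXT, value))
    print("review delete rights on 2444:", weak_deleters(ACL_TABLE_TEXT, "2444"))
```
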
Chapter 3: Configuring
The tasks to configure controlling access to VNX system objects are:
Create entries in an access control level table
Establish access control levels for objects
Create an access control level for a Data Mover
Create an access control level for a volume
Create an access control level for a file system
Create an access control level for a storage system
Create entries in an access control level table
VNX software installation automatically creates an administrative user account called nasadmin that is the owner of all the server's Data Movers and their resources. You can configure additional administrative user accounts to allow ownership of certain system objects or groups of system objects to specific administrators. When you create a new administrative user account, VNX automatically creates an entry for that account in the access control level table. By default, the permission level assigned to a new administrative user account is observer. Once a new administrative user account is created and an entry added in the access control level table, you can modify the privileges allowed to the specified user or group.
Note: You create administrative user accounts by using the Administrators feature in Unisphere software. The Unisphere software online help describes this procedure. The Security Configuration Guide for File provides an overview of administrative user accounts and role-based access.
Action
To display the administrative users and groups identified by entries in the access control level table, type:
$ nas_acl -list
Output
index  type  level     num_id  name
1      user  admin     201     nasadmin
2      user  operator  211     adminuser1
3      user  admin     212     adminuser2
4      user  observer  213     adminuser3
5      user  admin     214     adminuser4
6      user  operator  215     adminuser5
7      user  observer  216     adminuser6
Action
To modify the privilege level assigned to an administrative user identified by an access control level entry, use this command syntax:
$ nas_acl -modify -user level=
where:
= user ID (UID)
= a single-digit input representing available access control levels
Note: You must be root to modify entries in the access control level table.
Example:
To change the privilege level assigned to adminuser6 (ID = 216) from the default level of observer (level 4) to admin (level 2), type:
$ nas_acl -modify -user 216 level=2
Output
done
Notes
Use the nas_acl -list command to view this change in the access control level table. After the modification, the access control level table entry for adminuser6 appears as follows:
7 user admin 216 adminuser6
Establish access control levels for objects
By setting an access control level for an object, you define the privileges for each administrative user who accesses the object. When an administrative user or group tries to access a particular object, the access control level table, viewed using the nas_acl command, is verified against the access control level established by the relevant command for the object.
Refer to Table 10.
Table 10. Establishing access control levels for objects
Task                                                 Procedure
Create an access control level for a Data Mover      Create an access control level for a Data Mover
Create an access control level for a volume          Create an access control level for a volume
Create an access control level for a file system     Create an access control level for a file system
Create an access control level for a storage system  Create an access control level for a storage system
Create an access control level for a Data Mover
Action
To create an access control level for a Data Mover, use this command syntax:
$ nas_server -acl
where:
= access control level value that defines the owner of the Data Mover, or the level of access allowed for users and groups
= name of the Data Mover
Example:
To create an access control level for a Data Mover where the owner is nasadmin, read access is granted to observer users, read and write access is granted to operator users, and read/write/delete access is granted to admin users, type:
$ nas_server -acl 1432 server_2
Note: The default value for the Data Mover's access control level is 1000, which indicates that nasadmin is the owner and the only user who is allowed access.
Output
id        = 1
name      = server_2
acl       = 1432, owner=nasadmin, ID=201
type      = nas
slot      = 2
member_of =
standby   =
status    :
  defined = enabled
  actual  = online, active
Create an access control level for a volume
Action
To create an access control level for a volume, use this command syntax:
$ nas_volume -acl
where:
= access control level value that defines the owner of the volume, or the level of access allowed for users and groups
= name of the volume
Example:
To create an access control level for a volume where the owner is adminuser2 (indicated by index level 3 in the access control table), read access is granted to operator and admin users, and write and delete access is not allowed (except to root and the owner), type:
$ nas_volume -acl 3311 mtv
Note: No default access control levels are set for volumes.
Output
id         = 247
name       = mtv
acl        = 3311, owner=adminuser2, ID=212
in_use     = false
type       = meta
volume_set = stv1
disks      = d3, d4, d5, d6
Create an access control level for a file system
Action
To create an access control level for a file system, use this command syntax:
$ nas_fs -acl
where:
= access control level value that defines the owner of the file system, or the level of access allowed for users and groups
= name of the file system
Example:
To create an access control level for a file system where the owner is the user indicated by index 5 in the access control table, and only the owner has access, type:
$ nas_fs -acl 5111 ufs2
or
$ nas_fs -acl 5000 ufs2
Note: No default access control levels are set for file systems.
Output
id         = 19
name       = ufs2
acl        = 5111, owner=adminuser4, ID=214
in_use     = False
type       = uxfs
volume     = mtv2
profile    =
rw_servers =
ro_servers =
symm_devs  = 002806000209-00B,002806000209-00C
disks      = d8,d9
Create an access control level for a storage system
Action
To create an access control level for a storage system, use this command syntax:
$ nas_storage -acl
where:
= access control level value that defines the owner of a storage system, or the level of access allowed for users and groups
= name of the file system
Example:
To create an access control level for a storage system where only nasadmin has read/write/delete access, type:
$ nas_storage -acl 1000 cx700_1
Note: No default access control levels are set for storage systems.
Output
id            = 1
serial_number = APM00042000818
name          = cx700_1
acl           = 1000, owner=nasadmin, ID=201
Chapter 4: Managing
The tasks to manage controlling access to VNX system objects are:
List the access control level information
Modify an access control level entry
View the entries in the access control level table
Delete an access control level entry
List the access control level information
Action
To display information for a specific access control level entry, use this command syntax:
$ nas_acl -info -user
where:
= user ID (UID)
Example:
To see the access control level information for adminuser1 (ID = 211), type:
$ nas_acl -info -user 211
Output
id      = 2
name    = adminuser1
level   = operator
user_id = 211
Modify an access control level entry
Action
To modify the privilege level assigned to an administrative user identified by an access control level entry, use this command syntax:
$ nas_acl -modify -user level =
where:
= user ID (UID)
= a single-digit input representing the access control level granted to the user.
Note: You must be root to modify entries in the access control level table.
Example:
To change the privilege level assigned to adminuser6 (ID = 216) from the default level of observer (level 4) to admin (level 2), type:
$ nas_acl -modify -user 216 level=2
Output
done
Notes
Use the nas_acl -list command to view this change in the access control level table. After the modification, the access control level table entry for adminuser6 appears as follows:
7 user admin 216 adminuser6
View the entries in the access control level table
Action
To display the administrative users and groups identified by entries in the access control level table, type:
$ nas_acl -list
Output
index  type  level     num_id  name
1      user  admin     201     nasadmin
2      user  operator  211     adminuser1
3      user  admin     212     adminuser2
4      user  observer  213     adminuser3
5      user  admin     214     adminuser4
6      user  operator  215     adminuser5
7      user  observer  216     adminuser6
Delete an access control level entry
Action
To delete an access control level entry, use this command syntax:
# nas_acl -delete -user
where:
= user ID (UID)
Note: You must be root to delete entries in the access control level table.
Example:
To delete the access control level entry for adminuser1 (ID = 211), type:
# nas_acl -delete -user 211
Output
done
Chapter 5: Troubleshooting
As part of an effort to continuously improve and enhance the performance and capabilities of its product lines, EMC periodically releases new versions of its hardware and software. Therefore, some functions described in this document may not be supported by all versions of the software or hardware currently in use. For the most up-to-date information on product features, refer to your product release notes.
If a product does not function properly or does not function as described in this document, contact your EMC Customer Support Representative.
Problem Resolution Roadmap for VNX contains additional information about using EMC Online Support and resolving problems.
Topics included in this chapter are:
EMC E-Lab Interoperability Navigator
VNX user customized documentation
Error messages
EMC Training and Professional Services
EMC E-Lab Interoperability Navigator
The EMC E-Lab
Interoperability Navigator is a searchable, web-based application thatprovides access to EMC interoperability support matrices. It is available on EMC OnlineSupport athttp://Support.EMC.com. After logging in, in the right pane under Product andSupport Tools, click E-Lab Navigator.
VNX user customized documentation
EMC provides the ability to create step-by-step planning, installation, and maintenanceinstructions tailored to your environment. To create VNX user customized documentation,go to:https://mydocs.emc.com/VNX.
Error messages
All event, alert, and status messages provide detailed information and recommended actionsto help you troubleshoot the situation.
To view message details, use any of these methods:
Unisphere software:
Right-click an event, alert, or status message and select to view Event Details, Alert Details, or Status Details.
CLI:
Type nas_message -info , where is the message identification number.
Celerra Error Messages Guide:
Use this guide to locate information about messages that are in the earlier-release message format.
EMC Online Support:
Use the text from the error message's brief description or the message's ID to search the Knowledgebase on EMC Online Support. After logging in to EMC Online Support, locate the applicable Support by Product page, and search for the error message.
EMC Training and Professional Services
EMC Customer Education courses help you learn how EMC storage products work together within your environment to maximize your entire infrastructure investment. EMC Customer Education features online and hands-on training in state-of-the-art labs conveniently located throughout the world. EMC customer training courses are developed and delivered by EMC experts. Go to EMC Online Support at http://Support.EMC.com for course and registration information.
EMC Professional Services can help you implement your system efficiently. Consultants evaluate your business, IT processes, and technology, and recommend ways that you can leverage your information for the most benefit. From business plan to implementation, you get the experience and expertise that you need without straining your IT staff or hiring and training new personnel. Contact your EMC Customer Support Representative for more information.
Glossary
A
access control levels
Entries in an access control level table created and recognized only in the Control Station database that define the access level allowed for specified administrative users. These entries are used in conjunction with an access control value associated with certain system objects to define administrative user access to VNX for file.
C
CLI
See command line interface.
command line interface (CLI)
Interface for typing commands through the Control Station to perform tasks that include the management and configuration of the database and Data Movers and the monitoring of statistics for VNX for file cabinet components.
Control Station
Hardware and software component of VNX for file that manages the system and provides the user interface to all VNX for file components.
D
Data Mover
In VNX for file, a cabinet component that is running its own operating system that retrieves data from a storage device and makes it available to a network client. This is also referred to as a blade.
F
file system
Method of cataloging and managing the files and directories on a system.
U
UFS
See UNIX file system.
V
volume
On VNX for File, a virtual disk into which a file system, database management system, or other application places data. A volume can be a single disk partition or multiple partitions on one or more physical drives.
See also disk volume, metavolume, slice volume, and stripe volume.