ViPR Controller Assign Access Control Lists (ACLs)
Table of Contents
You should ensure you are familiar with the idea behind ACLs described in Understanding ViPR Controller Users, Roles, and ACLs, which is available from the ViPR Controller Product Documentation Index.Back to Top
A virtual array comprises array endpoints and host endpoints interconnected by a SAN fabric or an IP network. The virtual array can comprise both fibre channel and IP networks. In this way different array ports can be configured into different virtual arrays, allowing a physical array to contribute to more than one virtual array.
This partitioning of physical arrays into virtual arrays, coupled with the ability to assign access to specific tenants, provides control over the storage provisioning environment made available to a tenant.
Even finer grained control can be obtained by assigning specific virtual pools to tenants. For storage provisioning purposes, the physical storage pools of a virtual array are offered as virtual pools based on their performance and protection characteristics. Restricting access to a virtual pool to specific tenants could mean that if a virtual pool is configured to use a particular array type, restricting access to the virtual pool can prevent a particular tenants from accessing the array. Similarly, you could restrict access to a pool that provides a particular performance characteristic, such as SSD.Back to Top
Before you begin
- You must have the System Administrator role in ViPR Controller.
Prior to assigning a virtual array or virtual pool to one or more tenants, access the virtual array and virtual pool is available to all tenants. When you assign a virtual array or virtual pool to one or more tenants it will go from being unrestricted to being available only to the selected tenants. Tenants that could see the virtual pool prior to the assignment will no longer be able to do so.
For this reason restricting access to a specific tenant actually means assigning access to all of the tenants that you do want to allow access.
- Virtual array configuration. To select a virtual array and make it available to specific tenants:
Users belonging to the specified tenants will have access to the virtual array.
- At the ViPR UI, select .
- Select the virtual array that you want to assign/restrict access to.
- Check the Grant Access to Tenants box and choose the tenants that you want the virtual pool to be available to.
The Tenant Access panel on the Edit Virtual Array page is shown below.
- Save the virtual array.
- Virtual pool configuration. To select a virtual pool and make it available to specific tenants:
Users belonging to the specified tenants will have access to the virtual pool.
- At the ViPR Controller UI, select or .
- Select the virtual pool that you want to assign/restrict access to.
- Expand the Access Control Panel and check the Grant Access to Tenants box. Choose the tenants that you want the virtual array to be available to.
The Tenant Access panel on the Edit/Create File Virtual Pool page is shown below.
- Save the virtual pool.
Before you begin
This task is referenced by areas that use ACLs and provides general information on assigning users and groups to ACLs.
The role that you require depends on the area to which you are applying access control.
- Select Add ACL.
- From the Type drop-down, select whether you are using this entry to set access permissions for a user or a group.
- In the Name field, enter the name of the user or group that you are assigning permissions to.
Both users and groups are added in the format: email@example.com, or firstname.lastname@example.org. Users and groups must have been made available to the current tenant (mapped).When adding a ViPR Controller User Group, you only need to enter the name of the user group. It is not required to enter any of the domain components for User Groups.
- In the Access field, use the drop-down list to select the access permissions that you want to assign to the user or group.
- If you want to add further ACL entries, choose Add ACL to add another entry.
- If you decide you do not need an entry you have made, click the Remove button.
- Save the form that your are editing.