3PAR InForm® OS 2.2.4 Concepts Guide (320-200085 Rev B, March 2009)
5.3
Domain Types and User Classes
InForm OS Version 2.2.4 3PAR InForm OS Concepts Guide
5.2 Domain Types and User Classes
When using domains for access control, accessibility to basic objects and derived objects is
limited by a user’s class (privilege level) and domain assignment.
5.2.1 Domain Type
The first tier of access control is the domain to which a subset of an InServ system’s objects
belong. The objects can be assigned to a specific domain, or have no domain association.
■ The no domain contains objects that do not belong to any specified domains. For
example, objects in an existing InServ system that did not previously use Domains do not
belong to any domains.
■ specified domains are created by the domain administrator and contain objects specific
to that domain. Only users with privileges over that domain can work with those objects.
For example, User A in Domain A can access objects in Domain A, but not in Domain B.
Multiple
specified domains can be created.
If the
setclienv listdom 1 command has been issued, when viewing system objects, a
Domain column is displayed. Objects not belonging to any domain (
no domain) are displayed
with a dash (
-) under the Domain column. Otherwise, the domain to which the object belongs
appears under the
Domain column.
For additional information, see Users and Domain Privileges on page 5.5. Refer to the InForm
OS CLI Administrator’s Manual for instructions on setting up domains.
5.2.2 User Class
In addition to domain type, the second tier of access control limiting user access is user class. In
terms of domains, user class defines a user’s authority level within a domain to access and work
with basic and derived domain objects.
There are two classes of domain user, Browse and Edit (Table 5-1). System object accessibility
and domain accessibility are dependent on the user’s privilege level.