Data Center Fabric Manager Professional User Manual v10.3.X (53-1001355-01, November 2009)

ManualsBrandsHP ManualsSoftwareHP B-series SAN Network Advisor Software

341

342

343

344

345

346

347

348

349

350

DCFM Professional User Manual 315

53-1001355-01

Encryption user privileges

In the Management application, resource groups are assigned privileges, roles, and fabrics.

Privileges are not directly assigned to users; users get privileges because they belong to a role in a

resource group. A user can only belong to one resource group at a time.

The Management application provides three pre-configured roles:

• Storage encryption configuration.

• Storage encryption key operations.

• Storage encryption security.

Table 32 lists features and the associated roles with read/write access and read-only access.

TABLE 32 Role-based access control privileges and descriptions

Privilege Read-Only Read/Write

Storage Encryption

Configuration

Disables all functions

from the Encryption

Center dialog box except

view.

Enables the following functions from the Encryption Center dialog box:

• Launch the Configure Encryption dialog.

• View switch, group, or engine properties.

• View the Encryption Group Properties Security tab.

• View encryption targets, hosts, and LUNs.

• Create a new encryption group or add a switch to an existing

encryption group.

• Edit group engine properties (except for the Security tab)

• Add targets.

• Select encryption targets and LUNs to be encrypted or edit LUN

encryption settings.

• Edit encryption target hosts configuration.

• Change routing mode on an encrypyion engine.

Storage Encryption

Key Operations

Disables all functions

from the Encryption

Center dialog box except

view.

Enables the following functions from the Encryption Center dialog box:

• Launch the Configure Encryption dialog.

• View switch, group, or engine properties,

• View the Encryption Group Properties Security tab.

• View encryption targets, hosts, and LUNs.

• Initiate manual LUN re-keying.

• Enable and disable an encryption engine.

• Zeroize an encryption engine.

• Restore a master key.

• Edit key vault credentials.

Storage Encryption

Security

Disables all functions

from the Encryption

Center dialog box except

view.

Enables the following functions from the Encryption Center dialog box:

• Launch the Configure Encryption dialog.

• View switch, group, or engine properties.

• View encryption targets, hosts, and LUNs.

• Create a master key.

• Backup a master key.

• Enable encryption functions after a power cycle.

• View and modify settings on the Encryption Group Properties

Security tab (quorum size, authentication cards list and system

card requirement).

• Establish link keys for LKM key managers.