HP Storage Provisioning Manager (SPM) Version 1.2 User Guide

ManualsBrandsHP ManualsSoftwareHP Consolidation Pack for HP ProLiant 100 server Licenses

At the catalog level, every request made to the SPM service is classified as being a specific type of

operation. See “Catalog access rights” on page 24.

Table 1 Catalog access rights

DescriptionAccess right

Grants a user or group general permission to make inquires about the entities

in the catalog. This access right is required to log into the SPM interface.

Catalog View

Grants a user or group general permission to make requests that add, remove,

or change entities in the catalog.

Catalog Modify

Grants a user or group permission to modify the catalog access control list,

including the owner. Grant this right only to users or groups that are considered

administrators, since anyone that can change the catalog owner can give

themselves unlimited access to SPM service.

Catalog Modify Secur-

ity

Grants a user or group permission to make requests that perform diagnostics

on the service. Grant this right only to administrators, and to HP support staff

when necessary.

Catalog Run Dia-

gnostics

The access control list (ACL) is the list of access rights granted to users or groups for either the catalog

or an entity. The owner of the catalog ACL has all access rights at both the catalog and entity level;

therefore, it has unlimited access in the system. Initially, the catalog owner is set to the local

Administrators group of the server running the SPM service. That is, only members of the local

Administrators group are able to log into SPM until more users and groups are granted catalog access.

At the entity level, every request involves reading or modifying entities. If the request access check at

the catalog level is successful, access checks against any involved entities are then performed. To

submit storage requests, the Insight Dynamics user requires Catalog Modify capabilities. The access

check against the user entity must find the appropriate capabilities to fulfill the request. Not all of the

entity access rights pertain to all entity types. See “Entity access rights” on page 24.

Table 2 Entity access rights

DescriptionAccess right

Grants a user or group permission to view (read) properties of the associated

entity

Entity View

Grants a user or group permission to change the properties of the associated

entity

Entity Modify

Grants a user or group permission to modify the access control list of the asso-

ciated entity, including the owner

Entity Modify Secur-

ity

Grants a user or group permission to refresh information presented to SPM

from the resource

Resource Refresh

Grants a user or group permission to import volumes from an array.

Array Import Volumes

Grants a user or group permission to fulfill (bind) the associated service entity

(volume) with any volume goal

Service Bind

Grants a user or group permission to have SPM automate the changes to the

presentation of the associated volume when a referencing goal is updated

Volume Modify

Presentation

The entity ACL owner is given Entity View and Entity Modify Security access rights for

that entity. The default entity ACL owner is the requester that created the entity.

Configuring the storage catalog24