Fabric OS Encryption Administrator's Guide
Fabric OS Encryption Administrator’s Guide 15
53-1002159-03
Encryption user privileges
2
Encryption user privileges
In the Management application, resource groups are assigned privileges, roles, and fabrics.
Privileges are not directly assigned to users; users get privileges because they belong to a role in a
resource group. A user can only belong to one resource group at a time.
The Management application provides three pre-configured roles:
• Storage encryption configuration.
• Storage encryption key operations.
• Storage encryption security.
Table 1 lists the associated roles and their read/write access to specific operations. The functions
are enabled from the Encryption Center dialog box:
TABLE 1 Encryption User Privileges
Privilege Read/Write
Storage Encryption
Configuration
• Launch the Encryption center dialog box.
• View switch, group, or engine properties.
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view
• View all re-key sessions
• Add/remove paths and edit LUN configuration on LUN centric view
• Re-balance encryption engines.
• Clear tape LUN statistics
• Create a new encryption group or add a switch to an existing encryption group.
• Edit group engine properties (except for the Security tab)
• Add targets.
• Select encryption targets and LUNs to be encrypted or edit LUN encryption settings.
• Edit encryption target hosts configuration.
• Show tape LUN statistics.
Storage Encryption Key
Operations
• Launch the Encryption center dialog box.
• View switch, group, or engine properties,
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view.
• View all re-key sessions.
• Initiate manual re-keying of all disk LUNs.
• Initiate refresh DEK.
• Enable and disable an encryption engine.
• Zeroize an encryption engine.
• Restore a master key.
• Edit key vault credentials.
• Show tape LUN statistics.
Storage Encryption
Security
• Launch the Encryption center dialog box.
• View switch, group, or engine properties.
• View Encryption Group Properties Security tab.
• View LUN centric view.
• View all re-key sessions.
• View encryption targets, hosts, and LUNs.
• Create a master key.
• Backup a master key.
• Edit smart card.
• View and modify settings on the Encryption Group Properties Security tab (quorum size,
authentication cards list and system card requirement).
• Show tape LUN statistics.