Manualshelf

White Papers

ManualsBrandsDell ManualsConverged InfrastructureStorage Solution Resources
21222324252627282930
Using Windows Active Directory For Account Authentication to PS Series Groups 16
Creating Additional Network Policies using Optional VSA’s
This section will discuss optional vendor specific attributes that can be used to add
more granular access to a PS Series group. An example of an administration account
with more granular access would be a pool administrator. Pool administrators have
management privileges only for specific pools on a PS Series group. To allow those
users to log in yet restrict their privileges to only the pools appropriate to them, you
must create a unique Active Directory group and a Remote Access Policy on the NPS
server specific to each type of pool administration account you need.
Another example might be a volume administrator. Volume administrators have access
to a specific pool and a quota value that they can use for volume creation. These are
some of the examples that will be discussed in this section.
Follow the steps laid out in the previous sections to add new user groups for the new
administration roles and refer to Creating Network Policies on the NPS Server to add
the new policy attributes for administrators.
Note: Attribute values are supported at specific PS Series firmware levels. Refer to
Table 2 in this section for a complete list of supported attribute values and firmware
levels.
Example 1: Configuring Attributes Values for Pool Administrators:
For example, you might have pool administrators for Pools A and B on a PS Series
group, and others for Pools C and D. Additionally, you might have pool administrators
who also have group-wide read-only privilege. These users can see, but not change, all
the other objects in the group.
When adding the Vendor Specific Attributes for the new Network Policy, follow the
steps below. Add a vendor-specific attribute with the following fields:
Vendor-specific attribute number: enter 6
Attribute format drop-down: select Decimal
Attribute value field: enter 1
Click OK twice to get back to the Attribute Information window.
Add another Attribute Value to specify the PS Series pool attributes. Use the
same Vendor Code for network access server (12740) and choose “Yes. It
conforms.” Configure the attribute values as follows: