3PAR InForm® OS 2.2.4 CLI Administrator's Manual (320-200113 Rev A, March 2009)
4.22
LDAP Connection
3PAR InForm OS CLI Administrator’s Manual InForm OS Version 2.2.4
4.3.2.5 Configuring Group-To-Privilege Mapping Parameters
Once you have configured the group location parameters, you must now decide what privilege
you wish to assign the users for a given group. To configure group-to-privilege mapping:
1 Issue the
setauthparam <privilege_map> <group> command, where:
<privilege_map> is one of:
super-map - provides super level privileges within the specified group.
service-map - provides service level privileges within the specified group.
edit-map - provides edit level privileges within the specified group.
browse-map - provides browse level privileges within the specified group.
<group> is the group to which the user has membership, as displayed with the
checkpassword command. You can specify multiple groups. For Active Directory, the
group is displayed as a string of information as shown in the following example:
CN=Software,CN=Users,DC=ACME,DC=com
2 Repeat step 1 above if you wish to assign users a different privilege level for another group
to which that user has membership.
3 Issue the
checkpassword command to verify that the users have the privilege(s) you
assigned for the desired group(s). Use a member of a specific group to verify the privilege.
Example:
In the example above:
Users belonging to the Software group are configured to have edit privileges within the
system.
Users belonging the Eng group are configured to have browse privileges within the system.
InServ1 cli% setauthparam -f edit-map CN=Software,CN=Users,DC=3par,DC=com
InServ1 cli% setauthparam -f browse-map CN=Eng,CN=Users,DC=3par,DC=com