HP 3PAR StoreServ Concepts Guide: HP 3PAR OS 3.1.3
is made for group A with the super-map parameter, a user who belongs to group A is authorized
with Super rights to the system.
With this process, a user can be authenticated, but that user is not authorized if no group
membership exists. In this case, the user is subsequently denied access to the system.
Authorization on Systems Using Virtual Domains
As discussed in “LDAP Authorization” (page 23), a user’s group association determines that user’s
role within the system. On systems using virtual domains, the user’s groups are mapped to system
domains. Therefore, the user’s role within a specific group extends to the domains mapped to that
group. For instructions on authorizing LDAP users on systems using domains, see “Managing User
Accounts and Connections” in the HP 3PAR OS CLI Administrator’s Manual.
The group-to-domain mapping relationship is shown in Figure 2 (page 24):
• LDAP User 1 has membership in Group B.
• Group-to-role mapping determines that Group B uses the Edit role.
• Group-to-domain mapping establishes a match between Group B and Domain A.
• LDAP User 1 has Edit role access to all objects in Domain A.
Figure 2 Group-to-Domain Mapping Relationship
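The mapping chain in the list above, modelled as an added Python example (not HP code and not the 3PAR implementation). Group and domain names follow Figure 2; listing grants per group without a precedence rule, and treating a role-mapped group with no domain mapping as granting nothing, are assumptions of this sketch.

```python
# Added example: models the mapping chain; it is not the 3PAR implementation.
# Names follow Figure 2. Assumptions: grants are listed per group (no precedence
# rule is applied), and with domains in use a group with no domain mapping
# grants nothing.

ROLE_MAP = {"Group A": "Super", "Group B": "Edit"}   # group-to-role mapping
DOMAIN_MAP = {"Group B": ["Domain A"]}               # group-to-domain mapping


def authorize(authenticated, user_groups, role_map, domain_map=None):
    """Return (group, role, scope) grants; an empty list means access is denied.

    domain_map=None models a system without virtual domains, where a mapped
    role applies to the whole system.
    """
    if not authenticated:
        return []
    grants = []
    for group in user_groups:
        role = role_map.get(group)
        if role is None:
            continue  # membership in an unmapped group authorizes nothing
        if domain_map is None:
            grants.append((group, role, "system"))
        else:
            grants.extend((group, role, d) for d in domain_map.get(group, []))
    return grants


def role_in_domain(grants, domain):
    """Roles the grants confer on objects in one domain."""
    return sorted({role for _, role, scope in grants if scope == domain})


def unmapped_groups(role_map, domain_map):
    """Audit helper: groups that carry a role but reach no domain."""
    return sorted(g for g in role_map if not domain_map.get(g))


if __name__ == "__main__":
    user1 = authorize(True, ["Group B"], ROLE_MAP, DOMAIN_MAP)
    print(user1)                                      # LDAP User 1 from Figure 2
    print(role_in_domain(user1, "Domain A"))
    print(authorize(True, [], ROLE_MAP, DOMAIN_MAP))  # authenticated, no group
    print(authorize(True, ["Group A"], ROLE_MAP))     # no virtual domains
    print(unmapped_groups(ROLE_MAP, DOMAIN_MAP))
```

An empty result for an authenticated user is the "authenticated but not authorized" case described earlier; the audit helper lists role-mapped groups worth reviewing when domains are enabled.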