HP StorageWorks Clustered File System 3.6.0 Windows Storage Server Edition Administration Guide (403103-005, January 2008)
Table Of Contents
- Contents
- HP Technical Support
- Quick Start Checklist
- Introduction to HP Clustered File System
- Cluster Administration
- Administrative Considerations and Restrictions
- Tested Configuration Limits
- Volume and Filesystem Limits
- User Authentication
- Start the Management Console
- Cluster Management Applications
- The HP CFS Management Console
- View Installed Software
- Start HP Clustered File System
- Stop HP Clustered File System
- Back Up and Restore the Cluster Configuration
- HP Clustered File System Network Port Numbers
- Configure Servers
- Configure Network Interfaces
- Configure the SAN
- Configure Dynamic Volumes
- Configure PSFS Filesystems
- Manage Disk Quotas
- Manage Hardware Snapshots
- Configure Security Features
- Configure Event Notifiers and View Events
- Overview
- Install and Configure the Microsoft SNMP Service
- Cluster Event Viewer
- Configure Event Notifier Services
- Select Events for a Notifier Service
- Configure the SNMP Notifier Service
- Configure the Email Notifier Service
- Configure the Script Notifier Service
- View Configurations from the Command Line
- Test Notifier Services
- Enable or Disable a Notifier Service
- Restore Notifier Event Settings to Default Values
- Import or Export the Notifier Event Settings
- Using Custom Notifier Scripts
- Cluster Operations on the Applications Tab
- Configure Virtual Hosts
- Configure Service Monitors
- Configure Device Monitors
- Advanced Monitor Topics
- SAN Maintenance
- Other Cluster Maintenance
- Management Console Icons
- Index
135
12
Configure Security Features
HP Clustered File System provides the following security features:
• Role-Based Security. By default, the machine’s local Administrators
group has full cluster rights and can perform all HP Clustered File
System operations. You can use the Role-Based Security feature to
create roles that allow or deny other users and groups the ability to
perform specific cluster operations.
• An audit trail of cluster operations that change the state or
configuration of the cluster, as well as operations that consume large
amounts of system resources. The audit messages specify both the
operation performed and the user who initiated the operation.
Role-Based Security
When you attempt to perform cluster operations, HP Clustered File
System reads the Windows access token created when you logged into
HP Clustered File System to determine your user account and the groups
to which you belong. It then assigns cluster permissions, or rights, to you
based on the roles to which your user account and groups belong. For
example, if you belong to a role that allows filesystem operations and also
belong to another role that allows you to configure servers, you will have
both sets of permissions.
A role denying an operation takes precedence over a role that allows the
operation. If you belong to a role that allows you to create, modify, and
delete filesystems and you also belong to a role that denies the ability to
delete filesystems, HP Clustered File System will authorize you only for