3.6.1 HP PolyServe Matrix Server Administration Guide (T5392-96018, August 2008)
Chapter 12: Configure Security Features 149
Form. Specify whether you entered a name or an ID for the account.
Tips for Specifying Accounts
When specifying accounts for a role, you should be aware of the
following:
• Matrix Server uses the contents of the access token created when you
logged into the matrix to determine user and group identities.
• To simplify Role-Based Security administration, specify groups
instead of users wherever possible.
• Specify groups that are valid for all servers in the matrix. Domain
universal groups and domain global groups have access to all servers.
You can also use domain local groups from the domain to which the
servers belong.
NOTE: Matrix Server will not prevent you from adding users or
groups that are not valid on all nodes. For example, you can
add local users or groups to a role, but these users and groups
have the permissions of the role only on the local server and
are not valid role members on the other servers.
• Matrix Server follows the same rules as those for adding users and
groups to machine local groups and domain local groups. If you can
add a user or group to a filesystem ACL for a given PSFS file or
directory, you can add that same user or group to a role. If you cannot
add a user or group to a filesystem ACL, do not add that user or group
to a role, as the user or group is not valid on all servers.
• To add a user or group by SID, you will need to know the SID. You can
find SIDs for the currently logged-on user and group memberships by
running the Windows whoami command. To find the SID for a user or
group that is not in your access token, use the Microsoft Windows
2003 support tool getsid.exe, which is available on the Windows 2003
installation media.
• If a user account name contains more than 20 characters, you will need
to specify the account name in UPN format, as a SID, or as a
pre-Windows 2000 name. Names in NTLM format
(NetBIOS-domain\username, DNS-name\username, or isolated