4.0.0 HP Polyserve Matrix Server Administration Guide (T5392-96052, March 2010)
11 Configure security features
Matrix Server provides the following security features:
• Role-Based Security. By default, the machine’s local Administrators group has full
cluster rights and can perform all Matrix Server operations. You can use the Role-
Based Security feature to create roles that allow or deny other users and groups
the ability to perform specific cluster operations.
NOTE:
Enabling User Access Control (UAC) adds an additional layer of security to your
authentication and can cause some of the previously acceptable authentication
and permissions to fail. Typically, when UAC is enabled the administrator group
accounts do not have the same privileges as the system built-in administrator.
• An audit trail of cluster operations that change the state or configuration of the
cluster, as well as operations that consume large amounts of system resources.
The audit messages specify both the operation performed and the user who initi-
ated the operation.
Role-based security
When you attempt to perform cluster operations, Matrix Server reads the Windows
access token created when you logged into Matrix Server to determine your user
account and the groups to which you belong. It then assigns cluster permissions, or
rights, to you based on the roles to which your user account and groups belong. For
example, if you belong to a role that allows filesystem operations and also belong
to another role that allows you to configure servers, you will have both sets of
permissions.
A role denying an operation takes precedence over a role that allows the operation.
If you belong to a role that allows you to create, modify, and delete filesystems and
you also belong to a role that denies the ability to delete filesystems, Matrix Server
HP PolyServe Matrix Server administration guide 149