| ETERNUS SF AdvancedCopy Manager User's Guide 13.0 -Microsoft(R) Windows(R) 2000/Microsoft(R) Windows Sever(TM) 2003-, -Solaris-, -HP-UX-, -Linux-, -AIX- |
|
Contents
Index
|
This chapter describes the Authentication Feature of the AdvancedCopy Manager management and details how to use the AdvancedCopy Manager window.
When the AdvancedCopy Manager Web-GUI is used, Backups/Replication can easily be managed. Therefore, a careless or accidental click of the mouse can destroy data.
The Authentication Feature in AdvancedCopy Manager allows you to set the following permissions for each user:
Write permission
With this permission, all windows can be operated and displayed. It is the strongest authority in the authentication feature of AdvancedCopy Manager.
Execute permission
With this permission, all windows can be displayed and backup/replication management functions can be performed.
Read permission
With this permission, all windows can be displayed but none of them can be operated.
After AdvancedCopy Manager has been installed, only root users are registered as authentication feature users. They are not displayed in the Authentication Feature Management window. Write permission is set unconditionally for these users.
Only root users can add users, delete users, and change access permissions.
Authentication information in AdvancedCopy Manager must satisfy the following conditions:
The user name must consist of between two and eight alphanumeric characters. (Symbols such as the colon cannot be used.)
The password for each user name must consist of 28 alphanumeric characters or less.
After installation, the only account registered for the authentication mechanism is the startup account specified at the time the manager of AdvancedCopy Manager was installed. However, the account is not displayed in the [Authentication Mechanism Management] window. The update permission is unconditionally assigned to the account.
The startup account can add and delete user accounts and change a user's access permission.
Authentication information in AdvancedCopy Manager must satisfy the following conditions:
The user name must consist of up to 20 alphanumeric.
The user password must consist of up to 14 alphanumeric characters.
If the reference permission or update permission is assigned to a user who does not belong to the Administrators group and the user is subsequently added to the Administrators group, the update permission is unconditionally assigned to the user.
Note the following points about using the software under Windows(R) 2000/2003.
NetBIOS over TCP/IP setting
When using the software under Windows(R) 2000/2003, do not disable "NetBIOS over TCP/IP" in the advanced TCP/IP settings. The setting is enabled by default at the time of Windows(R) 200/2003 installation. If it is accidentally disabled, enable it by performing the followingsteps.
Open [Network and Dialup Connections], and open the Properties dialog box from [Local Area Connection].
Click the [Advanced] button in [TCP/IP Properties] to open the [Advanced TCP/IP Settings] dialog box.
Select the WINS tab, and check [Enable NetBIOS over TCP/IP].
Access control using a user's principal name
User authentication and access control are not available if the user has entered a principal name in Windows(R) 2000/2003. The user's principal name is a type of a user account that can be used by installing Active Directory in Windows(R) 2000/2003. A user's principal name is represented as "user-name@DNS-name".
Password length in Windows 2000/2003
Up to 127 alphanumeric characters can be specified for a password in Windows 2000/2003, but up to 40 alphanumeric characters can be specified in AdvancedCopy Manager.
To display the Authentication Feature Management window, logon to AdvancedCopy Manager using one of the startup accounts. Click on [Security], [View]. The view option displays the current user name and access permissions. To add, delete, or change permissions of the Authentication Feature users, logon to AdvancedCopy Manager using one of the startup accounts. Then click on [Security], [Users and Permissions].
If the Storage management server runs Solaris or Linux
Only root users can use the Authentication Feature Management window.
User names are displayed in numerical/alphabetical order.
Names of root users are not displayed in the window. Root users cannot execute operations such as "Add user," "Change access permission," and "Delete user" for other root users.
Changes made in this window to a user's access permissions become valid when the user logs in.
The [Authentication Mechanism Management] window is available only to the startup account specified when the manager of AdvancedCopy Manager is installed.
User names are displayed in alphanumerical order. The names of users who belong to the Administrators group are grayed out.
The user name of the startup account is not displayed. The [Add User], [Change Access Permission] and [Delete User] functions applicable to that user cannot be accessed.
The displayed name of a user who is performing an authentication mechanism operation is grayed out, and no operations applicable to this user are available.
After a user's access permission is changed in the [Authentication Mechanism Management] window, the changes come into effect the next time the user logs in.
If the operation permission or reference permission is assigned to a user who does not belong to the Administrators group and the user is subsequently added to the Administrators group, the displayed name of the user is grayed out and the update permission is assigned. In the [Authentication Mechanism Management] window, however, the previously assigned access permission (operation permission and reference permission) is displayed. To avoid a misunderstanding, use the [Change Access Permission] function to change the user's access permission so that it matches the updated permission.
The registered user list and access information are displayed.
|
Header |
Explanation |
|---|---|
|
User name |
The registered user name is displayed. |
|
Backup Management |
Backup Management access permission given to user |
|
Replication Management |
Relationship Management access permission given to user |
The menus displayed on the menu bar are explained below.
The only function available is [Exit].
This menu is used to open the dialogs of each operation. The tasks on this menu can also be accessed by right-clicking the Authentication Feature management window and selecting them from the popup menu. The available operations are explained below.
"Add User"
A user can be registered. For details, refer to "Add User Dialogue."
"Change access permission"
Access permission given to a user can be changed. For details, refer to "Change Access Permission Dialog."
"Delete User"
A registered user can be deleted. For details, see "Delete User Dialogue."
To perform a task for a specific user, select the user, then click [Operation] and select the desired function. To process two or more users, select all of the users in advance.
If no user is selected and you click the [Operation] menu, the only option available is Add user.
The only option in this menu is [Refresh]. Select [Refresh] to immediately display access permission changes.
When "Refresh" is executed, the user names are displayed in numerical and alphabetical order.
The [Help] menu has two options. [Help] displays help for this window and [Version] display the version number of AdvancedCopy Manager.
A user can be registered in this dialog. Select the user to be registered from the list and move it to the "Users to be added" list. Select the access permission for this user, and then click the [OK] button. Two or more users can be selectedto be added.
User names registered on the storage management server are displayed.
A user name registered with a management function is not displayed in the user name list dialog.
If a selected user cannot be found, the warning dialog shown in Figure 2.10 is displayed and the Authentication feature management window is displayed.
When this dialogue is opened, and carrying out no operations of access permission, the gray is displayed to the access permission of ">>" "<<" "OK" button and each management. Moreover, an initial value of the access permission is a read permission.
If an error occurs when defining multiple users, only the definition for the affected user need be repeated. In the example shown in Figure 2.11, there were three user definition errors. Select one message at a time to obtain help information pertaining to each error.
If the Storage management server runs Windows
The displayed user name is the local user name registered on the Storage management server. If the Storage management server is the primary or backup domain controller, "Domain User Name" is displayed.
A user to be added must have the local login permission to the system. If a user without the local login permission is added, authentication of the user causes an error.
The names of users who belong to the Administrators group are displayed in gray. Only the update permission can be assigned as the access permission for any of the users. Moreover, only the update permission can be assigned to multiple user processes that include a user who belongs to the Administrator group.
An access permission given to a selected user can be changed in this dialog. Select the desired access permission from the combo box and then click the [OK] button. When two or more users are selected, the specified access permission is set for all of the selected users.
If the Storage management server runs Solaris or Linux
When this dialog is opened by specifying a user, the user'scurrent access permissions for each management function are displayed. When this dialog is displayed by selecting multiple users, "no access permission" is displayed as the default access permission for each management function. "Write permission" is displayed for a user in the Administrators group as the default access permission. Only the Write permission can be set when processing multiple users and one or more of those users belong to the Administrators group.
If an error occurs when defining multiple users, only the definition for the affected user need be repeated.
If the Storage management server runs Windows
When this window is opened with a user selected, the user's access permissions for the current management task are displayed. If it is opened with multiple users' access permissions selected, "No access permission" is displayed as the default value for each access permission in this management task. The default access permission of a user who belongs to the Administrators group is "update permission," and is the only permission available. Moreover, only the update permission can be assigned or displayed for multiple user processes that include a user who belongs to the Administrator group.
If a definition error occurs for some of the selected users when changes are made, only repeat the changes for the users who experienced the error.
A selected user can be deleted with this dialog. Check the user name and then click the [OK] button. When two or more users are selected, the users are deleted simultaneously.
If an error occurs when deleting multiple users, only the operation for the affected user need be repeated.
Permission information about logged-in users is displayed in this dialog. This dialog is also displayed when [View] is selected on the Authentication Feature Management window.
|
Contents
Index
|