Planning vStore Services
To strike a balance among storage system security, performance, and cost, you must properly plan vStore services to facilitate follow-up service configurations and management.
Context
To prevent misoperations from compromising storage system stability and service data security, the storage system defines user levels and roles that determine each user's permissions and the scope of those permissions.
- System users: Users assigned default or customized system roles. These roles can create vStores for a storage system and allocate storage resources to vStores. Table 2-1 lists the system roles preset in the storage system and their permissions.
- vStore users: Users assigned default or customized vStore roles. These roles can complete vStore-related settings in the vStore view. Table 2-2 lists the vStore roles preset in the storage system and their permissions.
You can add system roles or vStore roles to manage the storage system.

| Preset Role | Function Group | Scope of Permission |
|---|---|---|
| Super administrator | System group | All permissions over the system |
| Administrator | System group | All permissions except user management and security configuration |
| Security administrator | System group | Permission for managing system security configurations, including security rules, certificates, audit, KMC, antivirus software, data erasing, and regulation clocks |
| Network administrator | System group | Permission for managing system network resources, including physical ports, logical ports, VLANs, and failover groups |
| SAN resource administrator | System group | Permission for managing SAN resources, including storage pools, LUNs, mapping views, hosts, and ports |
| NAS resource administrator | System group | Permission for managing NAS resources, including storage pools, file systems, file servers, authentication users, networks, quota trees, and shares |
| Data protection administrator | System group | Permission for managing data protection, including local data protection, remote data protection, and HyperMetro data protection |
| Backup administrator | System group | Permission for managing data backup, including local data, remote data, and mapping views |

| Preset Role | Function Group | Scope of Permission |
|---|---|---|
| vStore administrator | vStore group | All vStore management permissions |
| vStore data protection administrator | vStore group | Permission for managing vStore data protection, including local data protection, remote data protection, and HyperMetro data protection for vStores |
| vStore protocol administrator | vStore group | Permission for managing vStore protocols, including authentication users and shares of vStores |

Besides preset roles, customized roles can be created for a storage system as well. For details about the permissions of customized roles, see Permission Matrix for Self-defined Roles (Applicable to V500R007C10 and Earlier Versions) or Permission Matrix for Self-defined Roles (Applicable to V500R007C20 and Later).