No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

SmartMulti-Tenant Feature Guide for Block

OceanStor V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, 6800F V5, 18500 V5, 18500F V5, 18800 V5, and 18800F V5. This document describes the implementation principles and application scenarios of the SmartMulti-Tenant feature. Also, it explains how to configure and manage SmartMulti-Tenant.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Creating a vStore User

Creating a vStore User

A vStore user is the administrator for managing the vStore space. A vStore user can log in to DeviceManager and query the vStore view.

Prerequisites

  • A vStore has been created.
  • If an LDAP user or user group is to be created, a domain authentication server has been configured.
  • If an LDAP user or user group is to be created, a domain authentication mode has been selected.
    NOTE:

    Choose vStore > Details > Permission Setting > Domain Authentication Mode. On the page for changing the domain authentication mode, select vStore or System for the domain authentication mode, and save the settings. The domain authentication mode is set successfully. If vStore is selected for the domain authentication mode, configure the domain authentication server in the vStore view. If System is selected for the domain authentication mode, configure the domain authentication server in the system view.

Context

Only the super administrator can create vStore users.

Procedure

  1. Log in to DeviceManager.
  2. Choose vStore.
  3. In the vStore view, click or to select the vStore for which a user is to be created.
  4. Click Details at the lower-right corner of the vStore card.

    The vStore page is displayed.

  5. Choose Permission Settings > User Management and click Add.

    The Add vStore User dialog box is displayed.

  6. Set user information.

    • Select Local user from the Type list and configure the information about local users.

      Table 3-6 describes related parameters.

      Table 3-6 Local user parameters

      Parameter

      Description

      Value

      Type

      Type of the vStore user, which can be Local user, AD Domain User, or AD Domain User Group.

      [Example]

      Local user

      Username

      Name of a newly created user.

      [Value range]

      • The name contains 6 to 32 characters.
      • The name can only contain letters, digits, and underscores (_) and must start with a letter.
      • The user name must be unique among all users.
      NOTE:

      You can modify the user name policy in Configuring Security Policy.

      [Example]

      user1234

      Password

      Password of a newly created user.

      NOTE:
      • You can modify the password rules in Security Policies.
      • Keep your password safe.
      • Only users whose Type is Local user require a password.

      [Value range]

      • The password contains 8 to 32 characters.
      • The password must contain special characters, including !"#$%&'()*+-.;<=>?@[\]^`{_|}~ and spaces.
      • The password must contain any two types of uppercase letters, lowercase letters and digits.
      • The maximum number of consecutive same characters cannot exceed 3.
      • The password cannot be the same as the user name or mirror writing of the user name.

      [Example]

      Ab#123456

      Confirm password

      Password for confirmation.

      [Value range]

      The value must be the same as that of Password.

      [Example]

      Ab#123456

      Password Always Valid

      After this parameter is set, the password validity period is not restricted by the password validity period in the security policy.

      NOTE:

      This parameter applies to V500R007C20 and later versions.

      [Default value]

      Not enabled

      Description

      Description of a newly created user.

      [Example]

      User

      Role

      Role of a newly created user. The vStore roles preset by the storage system are as follows:

      • vStore administrator: All permissions of managing vStores.
      • vStore data protection administrator: Permission of data protection management, including local data protection, remote data protection, and HyperMetro data protection for vStores.
      • vStore protocol administrator: Permission of managing vStore protocols, including authenticated users and shares of vStores.
      NOTE:

      If default roles cannot meet your requirements, you can choose Settings > Permission Settings > Role Management to create roles.

      [Example]

      vStore data protection administrator

      Level

      Level of a user. Possible values are as follows:

      • Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, import and activate license files, or power off and restart devices.
      • Read-only user: has only the access permission for the storage system and can perform queries only.

      [Example]

      Administrator

      Synchronized to the secondary end of a HyperMetro vStore pair

      Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair.

      NOTE:
      • This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device.
      • Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission.
      • If you fail to query the remote device's management IP address, manually enter it as prompted.
      • If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.

      [Default value]

      Not enabled

    • Select LDAP user or LDAP user Group from the Type list and configure the information about LDAP domain users or LDAP domain user groups respectively. Table 3-7 describes related parameters.
      Table 3-7 LDAP domain user or LDAP domain user group parameters

      Parameter

      Description

      Value

      Username

      Name of a newly created LDAP user or LDAP user group.

      NOTE:

      The LDAP user or LDAP user group to be created must reside on the LDAP domain server. Otherwise, the login will fail.

      [Value range]

      • The user name contains 1 to 64 characters.
      • The user name must be unique among all users.

      [Example]

      user12345

      Description

      Description of a newly created user.

      [Example]

      User

      Role

      User permission range. You can select the built-in role provided by the system or add a role.

      [Example]

      vStore administrator

      Level

      Level of a newly created LDAP user or LDAP user group. Possible values are as follows:

      • Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, power off or restart devices.
      • Read-only user: has only the access permission for the storage system and can perform queries only.

      [Example]

      Read-only user

      Synchronized to the secondary end of a HyperMetro vStore pair

      Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair.

      NOTE:
      • This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device.
      • Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission.
      • If you fail to query the remote device's management IP address, manually enter it as prompted.
      • If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.

      [Default value]

      Not enabled

  7. Confirm the user account creation.

    1. Click OK.

      The Success dialog box is displayed, indicating that the operation succeeded.

    2. Click OK.

Follow-up Procedure

A vStore user can log in to DeviceManager with the user name and password, enter the vStore view, and operate or manage storage resources within the vStore space.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181478

Views: 31211

Downloads: 192

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next