SmartMulti-Tenant Feature Guide for Block

Prerequisites

• A vStore has been created.
• If an LDAP user or user group is to be created, a domain authentication server has been configured.
• If an LDAP user or user group is to be created, a domain authentication mode has been selected.
  NOTE:

  Choose vStore > Details > Permission Setting > Domain Authentication Mode. On the page for changing the domain authentication mode, select vStore or System for the domain authentication mode, and save the settings. The domain authentication mode is set successfully. If vStore is selected for the domain authentication mode, configure the domain authentication server in the vStore view. If System is selected for the domain authentication mode, configure the domain authentication server in the system view.

Context

Only the super administrator can create vStore users.

Procedure

1. Log in to DeviceManager.
2. Choose vStore.
3. In the vStore view, click or to select the vStore for which a user is to be created.
4. Click Details at the lower-right corner of the vStore card.

   The vStore page is displayed.

5. Choose Permission Settings > User Management and click Add.

   The Add vStore User dialog box is displayed.

6. Set user information.
   • Select Local user from the Type list and configure the information about local users.

     Table 3-6 describes related parameters.

     Table 3-6 Local user parameters

     Parameter	Description	Value
     Type	Type of the vStore user, which can be Local user, AD Domain User, or AD Domain User Group.	[Example] Local user
     Username	Name of a newly created user.	[Value range] The name contains 6 to 32 characters. The name can only contain letters, digits, and underscores (_) and must start with a letter. The user name must be unique among all users. NOTE: You can modify the user name policy in Configuring Security Policy. [Example] user1234
     Password	Password of a newly created user. NOTE: You can modify the password rules in Security Policies. Keep your password safe. Only users whose Type is Local user require a password.	[Value range] The password contains 8 to 32 characters. The password must contain special characters, including !"#$%&'()*+-.;<=>?@[\]^`{_|}~ and spaces. The password must contain any two types of uppercase letters, lowercase letters and digits. The maximum number of consecutive same characters cannot exceed 3. The password cannot be the same as the user name or mirror writing of the user name. [Example] Ab#123456
     Confirm password	Password for confirmation.	[Value range] The value must be the same as that of Password. [Example] Ab#123456
     Password Always Valid	After this parameter is set, the password validity period is not restricted by the password validity period in the security policy. NOTE: This parameter applies to V500R007C20 and later versions.	[Default value] Not enabled
     Description	Description of a newly created user.	[Example] User
     Role	Role of a newly created user. The vStore roles preset by the storage system are as follows: vStore administrator: All permissions of managing vStores. vStore data protection administrator: Permission of data protection management, including local data protection, remote data protection, and HyperMetro data protection for vStores. vStore protocol administrator: Permission of managing vStore protocols, including authenticated users and shares of vStores. NOTE: If default roles cannot meet your requirements, you can choose Settings > Permission Settings > Role Management to create roles.	[Example] vStore data protection administrator
     Level	Level of a user. Possible values are as follows: Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, import and activate license files, or power off and restart devices. Read-only user: has only the access permission for the storage system and can perform queries only.	[Example] Administrator
     Synchronized to the secondary end of a HyperMetro vStore pair	Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair. NOTE: This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device. Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission. If you fail to query the remote device's management IP address, manually enter it as prompted. If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.	[Default value] Not enabled

   • Select LDAP user or LDAP user Group from the Type list and configure the information about LDAP domain users or LDAP domain user groups respectively. Table 3-7 describes related parameters.
     Table 3-7 LDAP domain user or LDAP domain user group parameters

     Parameter	Description	Value
     Username	Name of a newly created LDAP user or LDAP user group. NOTE: The LDAP user or LDAP user group to be created must reside on the LDAP domain server. Otherwise, the login will fail.	[Value range] The user name contains 1 to 64 characters. The user name must be unique among all users. [Example] user12345
     Description	Description of a newly created user.	[Example] User
     Role	User permission range. You can select the built-in role provided by the system or add a role.	[Example] vStore administrator
     Level	Level of a newly created LDAP user or LDAP user group. Possible values are as follows: Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, power off or restart devices. Read-only user: has only the access permission for the storage system and can perform queries only.	[Example] Read-only user
     Synchronized to the secondary end of a HyperMetro vStore pair	Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair. NOTE: This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device. Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission. If you fail to query the remote device's management IP address, manually enter it as prompted. If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.	[Default value] Not enabled

7. Confirm the user account creation.
   1. Click OK.

      The Success dialog box is displayed, indicating that the operation succeeded.

   2. Click OK.

Follow-up Procedure

A vStore user can log in to DeviceManager with the user name and password, enter the vStore view, and operate or manage storage resources within the vStore space.