Creating a vStore User
A vStore user is the administrator for managing the vStore space. A vStore user can log in to DeviceManager and query the vStore view.
Prerequisites
- A vStore has been created.
- If an LDAP user or user group is to be created, a domain authentication server has been configured.
- If an LDAP user or user group is to be created, a domain authentication mode has been selected.
Choose
vStore > Details > Permission Setting > Domain Authentication Mode. On the page for changing the domain authentication mode, select vStore or System for the domain authentication mode, and save the settings. The domain authentication mode is set successfully. If vStore is selected for the domain authentication mode, configure the domain authentication server in the vStore view. If System is selected for the domain authentication mode, configure the domain authentication server in the system view.
Context
Only the super administrator can create vStore users.
Procedure
- Log in to DeviceManager.
- Choose
vStore.
- In the vStore view, click
or
to select the vStore for which a user is to be created.
- Click Details at the lower-right corner of the vStore card.
The vStore page is displayed.
- Choose Permission Settings > User Management and click Add.
The Add vStore User dialog box is displayed.
- Set user information.
- Select Local user from the Type list and configure the information about local users.
Table 3-6 describes related parameters.
Table 3-6 Local user parametersParameter
Description
Value
Type
Type of the vStore user, which can be Local user, LDAP user, or LDAP user group.
NOTE:LDAP user supports LDAP domain users and AD domain users, and LDAP user group supports LDAP domain user groups and AD domain user groups.
[Example]
Local user
Username
Name of a newly created user.
[Value range]
- The name contains 6 to 32 characters.
- The name can only contain letters, digits, and underscores (_) and must start with a letter.
- The user name must be unique among all users.
NOTE:You can modify the user name policy in Configuring Security Policy.
[Example]
user1234
Password
Password of a newly created user.
NOTE:- You can modify the password rules in Security Policies.
- Keep your password safe.
- Only users whose Type is Local user require a password.
[Value range]
- The password contains 8 to 32 characters.
- The password must contain special characters, including !"#$%&'()*+-.;<=>?@[\]^`{_|}~ and spaces.
- The password must contain any two types of uppercase letters, lowercase letters and digits.
- The maximum number of consecutive same characters cannot exceed 3.
- The password cannot be the same as the user name or mirror writing of the user name.
[Example]
Ab#123456
Confirm password
Password for confirmation.
[Value range]
The value must be the same as that of Password.
[Example]
Ab#123456
Password Always Valid
After this parameter is set, the password validity period is not restricted by the password validity period in the security policy.
NOTE:This parameter applies to V500R007C20 and later versions.
[Default value]
Not enabled
Description
Description of a newly created user.
[Example]
User
Role
Role of a newly created user. The vStore roles preset by the storage system are as follows:
- vStore administrator: All permissions of managing vStores.
- vStore data protection administrator: Permission of data protection management, including local data protection, remote data protection, and HyperMetro data protection for vStores.
- vStore protocol administrator: Permission of managing vStore protocols, including authenticated users and shares of vStores.
NOTE:If default roles cannot meet your requirements, you can choose
Settings >
Permission Settings > Role Management to create roles.
[Example]
vStore data protection administrator
Level
Level of a user. Possible values are as follows:
- Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, import and activate license files, or power off and restart devices.
- Read-only user: has only the access permission for the storage system and can perform queries only.
[Example]
Administrator
Synchronized to the secondary end of a HyperMetro vStore pair
Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair.
NOTE:- This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device.
- Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission.
- If you fail to query the remote device's management IP address, manually enter it as prompted.
- If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.
[Default value]
Not enabled
- Select LDAP user or LDAP user Group from the Type list and configure the information about LDAP domain users or LDAP domain user groups respectively. Table 3-7 describes related parameters.
Table 3-7 LDAP domain user or LDAP domain user group parameters
Parameter
Description
Value
Username
Name of a newly created LDAP user or LDAP user group.
NOTE:The LDAP user or LDAP user group to be created must reside on the LDAP domain server. Otherwise, the login will fail.
[Value range]
- The user name contains 1 to 64 characters.
- The user name must be unique among all users.
[Example]
user12345
Description
Description of a newly created user.
[Example]
User
Role
User permission range. You can select the built-in role provided by the system or add a role.
[Example]
vStore administrator
Level
Level of a newly created LDAP user or LDAP user group. Possible values are as follows:
- Administrator: has partial system administration permissions. Specifically, administrators cannot manage users, upgrade storage devices, modify system time, power off or restart devices.
- Read-only user: has only the access permission for the storage system and can perform queries only.
[Example]
Read-only user
Synchronized to the secondary end of a HyperMetro vStore pair
Synchronize the newly created vStore user to the secondary end of a HyperMetro vStore pair.
NOTE:- This parameter is generated only when a HyperMetro vStore pair is established consisting of one vStore on the primary array and another on the secondary array, and can be enabled only on the primary device.
- Ensure that the configured user information complies with the security policy of the HyperMetro vStore pair's secondary end, and the selected role corresponds to a peer role at the HyperMetro vStore pair's secondary end and the two roles have the same permission.
- If you fail to query the remote device's management IP address, manually enter it as prompted.
- If a session has been established between the primary device and secondary device, their communication is available without entering the remote device's super administrator name and password. If no session is established, you need to manually enter the remote device's super administrator name and password to create a session.
[Default value]
Not enabled
- Select Local user from the Type list and configure the information about local users.
- Confirm the user account creation.
- Click OK.
The Success dialog box is displayed, indicating that the operation succeeded.
- Click OK.
- Click OK.
Follow-up Procedure
A vStore user can log in to DeviceManager with the user name and password, enter the vStore view, and operate or manage storage resources within the vStore space.