Create access groups

Typically various sets of users tend to use the same applications that use common features from a given host. They typically require the same volume resources and permissions of access to these shared volumes. For this reason, hosts are registered in groups that are identified with a group name, which serves as a root for all access control entries (ACEs) in the group.

Prerequisites

See Roles and associated permissions to determine the user roles that can perform this task.

About this task

Access groups contain groups of access IDs and their ID names. Any ID and name must belong to just one group and are entered into the database together. For ease of management, it is highly recommended that you choose an access ID name that best associates with the particular host in use. For example, SunHost1 is more appropriate than a name such as JRSMITH.

After the group has been created, the group name can be used to create access control entries (ACEs).

To create an access control group:

Steps

  1. Select a storage system.
  2. Click Settings icon.
  3. In the Settings dialog, click System Access Control > Access Groups.
  4. To enable active management, enter your Access Control PIN: View access controls
  5. Click Create.
  6. Type a Group Name.
    Access group names must be unique from other access pools on the system and cannot exceed 31 characters. Only alphanumeric characters, underscores ( _ ), and dashes (-) are allowed. Access group names are case-sensitive.
  7. Type the Host ID.
    This value is the name of the access ID (eight characters).
  8. Type the host's Unique Access ID.
    To find this value, run the SYMCLI command symacl - unique on the host system, (host ID example: 2C5E05B6-53408AC9-9C3F747C).
  9. To add an access ID to the access group, click Add (see Add access ID to access groups).
  10. Click OK.