Home > Storage > PowerMax and VMAX > Storage Admin > Implementing Dell SRDF SRA with VMware SRM > Symmetrix Authorizations
Symmetrix Authorizations provide an additional tool to restrict the management operations allowed for individual users or groups in a PowerMax array. Symmetrix Authorizations and the previously discussed Symmetrix Access Control Lists are independent utilities but can be used together for maximum security.
By using the SYMCLI symauth command or Unisphere for PowerMax, a user or group is mapped to a specific role that defines the operations the user or group can perform on an entire PowerMax array. Authorization is configured independently for each PowerMax array.
A role is a predefined set of permissions, or access types, that determines what operations a user can perform. Unlike host-based access control, a user is assigned a particular role for the entire PowerMax array. Roles are predefined in Solutions Enabler and cannot be modified. For each PowerMax array, a given user or group can only be assigned a single role.
These are the roles defined in Symmetrix Authorizations:
The following authentication types are supported:
User authorizations can be added using Solutions Enabler CLI or Unisphere for PowerMax. Figure 189 show the process to add an authorization using Unisphere for PowerMax, while Figure 190 shows how to add an authorization with Solutions Enabler.
Note that the Solutions Enabler “symauth” command requires that the user information and authorization level be entered into a user-created input file and passed into the command via the “-file” option.
If the SYMAUTH database has missing or incorrect credentials, the target Solutions Enabler server will report authentication errors in its Solutions Enabler log for each array for which it has local or remote access to and that has Symmetrix Authorizations enabled. These errors will indicate the user name, group name, syntax and the authorization level required for the Solutions Enabler request. The error will look similar to the one below:
01/31/2012 10:15:50.781 2736 1368 EMC:VICLIENTPLUGIN
check_user_perms User Authorization Failure [Enforce Mode] for User D:EBC\hostec, Group D:EBC\Domain Users, SID 000192603603 -- 'BASE' rights not present (minimum necessary role: Monitor)
The SRA supports the user of Symmetrix Authorizations. For the SRA to properly function, certain authorization roles are required to be assigned to the user account running the VMware vCenter Site Recovery Manager service. It is important to note that the authorization roles should not be assigned to the user account logged into the vSphere Client managing SRM. The account that actually issues the Solutions Enabler calls to the PowerMax is the account which the calls the SRA.