1. Manuals
  2. Brands
  3. EMC Manuals
  4. Storage
  5. EMC Unity Family
  6. Security configuration manual

EMC Unity Family Security Configuration Manual page 28

Hide thumbs
Table of Contents

Advertisement

Access Control
EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide
28
Current Permissions ACL
l
Proposed Permissions ACL (optional)
l
The Resource Target Expression (applicability expression) is evaluated to determine
whether or not the CAR is applicable to a given resource or not (for example,
@Resource.Department != @User.Department). If this expression evaluates to TRUE,
the Current Permissions ACL is used during the access check; otherwise, the rule is
ignored. The Proposed Permissions ACL allows the administrator to see the effect of
proposed changes to the current permissions. When the evaluation of proposed
permissions is enabled, any differences between current and proposed permissions
during an access check are logged (in the server log).
A Windows client (Windows Server 2012 or Windows 8.x) can be used to associate a
CAP with resources (that is, directories or files), if required (it is optional). When this
is done, the specified CAP will be enforced by the NAS Server for the applicable
resources. A Windows client can also be used to perform manual classification of
resources (for example, setting the country or department).
DAC CBAC is enabled on the storage system by default; however, a service command,
svc_dac, allows you to do the following:
Enable or disable the DAC feature - when disabled the CAP associated with a
l
resource is ignored (that is, only the DACL determines access).
Enable or disable the evaluation of proposed permissions. Each CAR may have
l
proposed permissions and these are distributed to the file servers. Usually, only
these permissions are not evaluated. The svc_dac command can be used to
enable the evaluation of these permissions. Once enabled any differences between
the effective permissions and the proposed permissions will be sent to the server
log. The evaluation of proposed permissions allows you to safely test proposed
changes to CARs.
Query the CAPs or CARs associated with a NAS Server compname (all, by
l
distinguished name or by id).
Add or remove custom recovery rules (to replace the default recovery rule).
l
Control the verbosity of the logging produced by DAC for diagnostic purposes.
l
For detailed information about the svc_dac command, refer to the EMC Unity Family
Service Commands Technical Notes .
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EMC Unity Family and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for EMC EMC Unity Family

Related Products for EMC EMC Unity Family

This manual is also suitable for:

Emc unityvsaEmc unity all flashEmc unityhybrid

Table of Contents

Save PDF