Encryption user privileges
In BNA, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly
assigned to users; users get privileges because they belong to a role in a resource group. A user
can only belong to one resource group at a time.
BNA provides three pre-configured roles:
• Storage encryption configuration
• Storage encryption key operations
• Storage encryption security
Table 1 lists the associated roles and their read/write access to specific operations. The functions
are enabled from the Encryption Center dialog box:

TABLE 1 Encryption privileges

Privilege: Storage Encryption Configuration
Read/Write:
• Launch the Encryption Center dialog box.
• View switch, group, or engine properties.
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view.
• View all rekey sessions.
• Add/remove paths and edit LUN configuration on LUN centric view.
• Rebalance encryption engines.
• Clear tape LUN statistics.
• Create a new encryption group or add a switch to an existing encryption group.
• Edit group engine properties (except for the Security tab).
• Add targets.
• Select encryption targets and LUNs to be encrypted or edit LUN encryption settings.
• Edit encryption target hosts configuration.
• Show tape LUN statistics.

Privilege: Storage Encryption Key Operations
Read/Write:
• Launch the Encryption Center dialog box.
• View switch, group, or engine properties.
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view.
• View all rekey sessions.
• Initiate manual rekeying of all disk LUNs.
• Initiate refresh DEK.
• Enable and disable an encryption engine.
• Decommission LUNs.
• Zeroize an encryption engine.
• Restore a master key.
• Edit key vault credentials.
• Show tape LUN statistics.

Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01