Encryption user privileges
In the Management application, resource groups are assigned privileges, roles, and fabrics.
Privileges are not directly assigned to users; users get privileges because they belong to a role in a
resource group. A user can only belong to one resource group at a time.
The Management application provides three pre-configured roles:
•
•
•
Table 1
are enabled from the Encryption Center dialog box:
TABLE 1
Privilege
Storage Encryption
Configuration
Storage Encryption Key
Operations
Storage Encryption
Security
Fabric OS Encryption Administrator's Guide
53-1002159-03
Storage encryption configuration.
Storage encryption key operations.
Storage encryption security.
lists the associated roles and their read/write access to specific operations. The functions
Encryption User Privileges
Read/Write
•
Launch the Encryption center dialog box.
•
View switch, group, or engine properties.
•
View the Encryption Group Properties Security tab.
•
View encryption targets, hosts, and LUNs.
•
View LUN centric view
•
View all re-key sessions
•
Add/remove paths and edit LUN configuration on LUN centric view
•
Re-balance encryption engines.
•
Clear tape LUN statistics
•
Create a new encryption group or add a switch to an existing encryption group.
•
Edit group engine properties (except for the Security tab)
•
Add targets.
•
Select encryption targets and LUNs to be encrypted or edit LUN encryption settings.
•
Edit encryption target hosts configuration.
•
Show tape LUN statistics.
•
Launch the Encryption center dialog box.
•
View switch, group, or engine properties,
•
View the Encryption Group Properties Security tab.
•
View encryption targets, hosts, and LUNs.
•
View LUN centric view.
•
View all re-key sessions.
•
Initiate manual re-keying of all disk LUNs.
•
Initiate refresh DEK.
•
Enable and disable an encryption engine.
•
Zeroize an encryption engine.
•
Restore a master key.
•
Edit key vault credentials.
•
Show tape LUN statistics.
•
Launch the Encryption center dialog box.
•
View switch, group, or engine properties.
•
View Encryption Group Properties Security tab.
•
View LUN centric view.
•
View all re-key sessions.
•
View encryption targets, hosts, and LUNs.
•
Create a master key.
•
Backup a master key.
•
Edit smart card.
•
View and modify settings on the Encryption Group Properties Security tab (quorum size,
authentication cards list and system card requirement).
•
Show tape LUN statistics.
Encryption user privileges
2
15