Domain Type; Users And Domain Rights; Object And Domain Association Rules; The Default And Current Domains - HP 3PAR StoreServ 7200 2-node Manual

Domain Type

The first tier of access control is the domain to which a subset of a system's objects belong. The
objects can be assigned to a specific domain, or have no domain association.
The no domain contains objects that do not belong to any specified domains. For example,
objects in an existing system that did not previously use domains do not belong to any domains.
specified domains are created by the domain administrator and contain objects specific
to that domain. Only users with rights over that domain can work with those objects. For
example, User A in Domain A can access objects in Domain A, but not in Domain B. Multiple
specified domains can be created. Users with the Super role can browse and edit objects
in all domains.

Users and Domain Rights

By default, users with the Super role have rights over the entire system. Only these users and users
belonging to the Edit user role in the all domain can create and edit CPGs, hosts, Remote Copy
groups, and assign CPGs and hosts to specified domains. Additionally, these users have access
to all domains and their objects.
When setting up domains and users in the system, some users may require access to multiple
domains with different user rights. virtual domains allow users access to more than one domain
and a single user can be assigned different user roles in each domain.
NOTE: A user having rights over multiple domains cannot perform intra-domain operations
between objects in different domains. Users can have access to a maximum of 32 domains.

Object and Domain Association Rules

Domains contain basic objects such as CPGs, hosts, and Remote Copy groups, and derived objects
such as VVs, LDs, and VLUNs. Objects and their associations with domains must adhere to the
following rules:
Objects derived from a CPG inherit the domain of that CPG.
VVs can only be exported to hosts belonging to the VVs' domain.
A VLUN inherits the domain of the VV and host from which the VLUN was exported.

The Default and Current Domains

When a user is initially created, the user is able access objects in all assigned domains. The user
can browse or edit objects depending on the user's assigned user role. For example, an Edit user
assigned to Domains A and B can view and work on objects in both Domains A and B. However,
if it is apparent that a specific domain will receive the majority of attention from a user, virtual
domains provide the ability for administrators to set a default domain for that user.
Users and Domain Rights 25