Fabric OS Encryption Administrator’s Guide (DPM) 15
53-1002720-02
Encryption user privileges
2
Encryption user privileges
In BNA, resource groups are assigned privileges, roles, and fabrics. Privileges are not directly
assigned to users; users get privileges because they belong to a role in a resource group. A user
can only belong to one resource group at a time.
BNA provides three pre-configured roles:
• Storage encryption configuration
• Storage encryption key operations
• Storage encryption security
Table 1 lists the associated roles and their read/write access to specific operations. The functions
are enabled from the Encryption Center dialog box:
TABLE 1 Encryption privileges
Privilege Read/Write
Storage Encryption
Configuration
• Launch the Encryption center dialog box.
• View switch, group, or engine properties.
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view
• View all rekey sessions
• Add/remove paths and edit LUN configuration on LUN centric view
• Rebalance encryption engines.
• Clear tape LUN statistics
• Create a new encryption group or add a switch to an existing encryption group.
• Edit group engine properties (except for the Security tab)
• Add targets.
• Select encryption targets and LUNs to be encrypted or edit LUN encryption settings.
• Edit encryption target hosts configuration.
• Show tape LUN statistics.
Storage Encryption Key
Operations
• Launch the Encryption center dialog box.
• View switch, group, or engine properties,
• View the Encryption Group Properties Security tab.
• View encryption targets, hosts, and LUNs.
• View LUN centric view.
• View all rekey sessions.
• Initiate manual rekeying of all disk LUNs.
• Initiate refresh DEK.
• Enable and disable an encryption engine.
• Decommission LUNs.
• Zeroize an encryption engine.
• Restore a master key.
• Edit key vault credentials.
• Show tape LUN statistics.
Comments to this Manuals