Veritas InfoScale™ Operations Manager 7.3.1 Frequently Asked Questions

Organization and permissions

No, in Veritas InfoScale Operations Manager 7.3.1 you cannot add secondary authentication broker.

Veritas InfoScale Operations Manager supports the authentication mechanism that is configured in the operating system, including Pluggable Authentication Modules (PAM), Network Information Service (NIS), or NIS+, with the exception of multi-factor authentication mechanisms. In addition to the native operating system authentication,Veritas InfoScale Operations Manager supports Lightweight Directory Access Protocol (LDAP) and Active Directory (AD). You can view the following authentication domain types on the Veritas InfoScale Operations Manager log in page:

Veritas InfoScale Operations Manager has three predefined roles: Admin, Operator, and Guest.

A user group with Admin role can perform tasks such as creating or deleting a disk group, bringing a service group online, or performing thin reclamation on thin pools in an enclosure.

Operator role is available only in the Availability perspective. A user group with operator role can perform operations such as switching a service group or auto enabling a service group.

A user group with Guest role can only view the information displayed in the perspective.

Veritas InfoScale Operations Manager makes use of the existing user groups within Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or the native operating system authentication of Windows or UNIX. The root user can configure LDAP or AD using the Management Server console. Click Settings > Security to configure LDAP or AD.

Click Settings > Permissions tab to assign permissions to the user groups on a perspective.

To assign permissions on Organizations and objects, right-click on the Organization or object and open Properties > Permissions tab.

Organization is a collection of objects in a perspective that can be secured and managed as a group. Organizations can be created in all perspectives except in the Management Server perspective. The objects within the Organization may or may not represent the physical organization of the objects in the actual data center. You can also create nested Organizations.

In a real-life data center, an UNIX administrator may want to see all the UNIX hosts in a single location to facilitate operations. The UNIX administrator can create an Organization which is a virtual folder for all UNIX hosts. Similarly the Windows administrator can create an Organization having Windows hosts.

Assigning permissions restricts unauthorized operations on an object. In a real-life data center, an UNIX administrator, who has created an Organization consisting of UNIX hosts will want a group of users to perform relevant task on the hosts. This group can be assigned the Admin role. The user group which works on Windows hosts can have a Guest role on this Organization. This will allow them to view the hosts but will be restricted from performing any actions.