ADVERTISEMENT

symauth commands

Sets up or updates Symmetrix user authorization information.
Roles and Scope

RoleDescription
None Has no rights.
MonitorPerforms read-only operations on a Symmetrix array excluding the ability to read the audit log or Access Control definitions.
PerfMonitorIncludes Monitor role permissions and grants additional privileges within the performance component of Unisphere for VMAX application to setup various alerts and update thresholds to monitor Symmetrix performance.
StorageAdminPerforms all management operations on a Symmetrix array or on individual components within an array. This is the only role that can be given access rights to specific components within an array and is limited to Virtualization domain users.
SecurityAdmin Performs security operations (symaudit, symacl, symauth) on a Symmetrix array in addition to all monitor operations. Users or groups assigned the SecurityAdmin or Admin roles can create or delete component-specific authorization rules.
Admin Performs all operations on a Symmetrix array, including security operations, in addition to all monitor operations, and including application performance monitor privileges. Has both StorageAdmin and SecurityAdmin rights.
AuditorGrants the ability to view, but not modify, security settings for a Symmetrix array (including reading the audit log, symacl list, and symauth) in addition to all monitor operations. This is the minimum role required to view the Symmetrix audit log.

[ view all commands ]

  • symauth -sid 1234 -file add_a_role_to_user_for_component.txt commit
    add_a_role_to_user_for_component.txt
    ------------------------
    add user H:Server1\User1 to role LocalRep for StorGrp SG_Server1;


    Add a Storage LocalRep role to User1 on Storage Group SG_Server1. Only LocalRep, RemoteRep and DeviceManage roles can be assigned to a Storage Group component.
  • symauth -sid 1234 -file assign_role_to_domain_user.txt commit
    assign_role_to_domain_user.txt
    ------------------------------
    assign user D:mydomain\User1 to role StorageAdmin;


    Assign StorageAdmin role to the AD user User1
  • symauth -sid 1234 -file assign_role_to_group.txt commit
    assign_role_to_group.txt
    ------------------------
    assign group D:mydomain\mygroup to role StorageAdmin;


    Assign StorageAdmin role group mygroup that is part of mydomain
  • symauth -sid 1234 -file assign_role_to_local_user.txt commit
    assign_role_to_local_user.txt
    ---------------
    assign user H:Server1\User1 to role StorageAdmin;


    Assign StorageAdmin role to the local user User1 of Server1
  • symauth -sid 1234 -file assign_role_user.txt commit
    assign_role_user.txt
    -------------------
    assign user User1 to role StorageAdmin;


    Assign StorageAdmin role user User1. User1 may be a local user or a domain user.
  • symauth -sid 1234 -file delete_all_roles_of_group.txt commit
    delete_all_roles_of_user.txt
    ------------------------
    delete group D:mydomain\mygroup;


    Delete all the roles assigned to user User1
  • symauth -sid 1234 -file delete_all_roles_of_user.txt commit
    delete_all_roles_of_user.txt
    ------------------------
    delete user H:Server1\User1;


    Delete all the roles assigned to user User1
  • symauth -sid 1234 -file delete_a_role_of_group.txt commit
    delete_a_role_of_group.txt
    ------------------------
    remove group D:mydomainmygroup from role StorageAdmin;


    Remove a particular role assigned to a group
  • symauth -sid 1234 -file delete_a_role_of_user.txt commit
    delete_a_role_of_user.txt
    ------------------------
    remove user H:Server1User1 from role StorageAdmin;


    Remove a particular role assigned to a user
  • symauth -sid 1234 -file re_assign_role_of_group.txt commit
    re_assign_role_of_group.txt
    ------------------------
    reassign group D:mydomain\mygroup to role Monitor;


    Re assign role of group mygroup to Monitor
  • symauth -sid 1234 -file re_assign_role_of_user.txt commit
    re_assign_role_of_user.txt
    ------------------------
    reassign group D:mydomain\User1 to role Monitor;


    Re assign role of Domain user User1 to Monitor
  • symauth -sid 1234 backup -f BackupFile
    Saves the contents of the user and group authorization database from Symmetrix array 1234 to the file called BackupFile
  • symauth -sid 1234 disable
    Disable user authorization in Symmetrix array 1234.
  • symauth -sid 1234 enable
    Enable user authorization in Symmetrix array 1234. We must have created at least one mapping for a user to Admin or SecurityAdmin before this.
  • symauth -sid 1234 list
    Display the Symmetrix user authorization state Enabled or Disabled in array 1234. This command also shows the timestamp when it is last enabled, disabled and updated.
  • symauth -sid 1234 list -users
    Lists the users and groups currently defined on the Symmetrix array 1234 along with their corresponding role. This also shows if the access limited any specific components.
  • symauth -sid 1234 list -users -by_domain
    Lists the users and groups currently defined on the Symmetrix array 1234 sorted by user-group domain. This also shows if the access limited any specific components.
  • symauth -sid 1234 list -users -by_role
    Lists the users and groups currently defined on the Symmetrix array 1234 sorted by role. This also shows if the access limited any specific components.
  • symauth -sid 1234 list -users -by_user
    Lists the users and groups currently defined on the Symmetrix array 1234 sorted by the user name. This also shows if the access limited any specific components.
  • symauth -sid 1234 list -users -current_user
    Lists the current user accessing the Symmetrix array 1234 along with its corresponding role. This also shows if the access limited any specific components.
  • symauth -sid 1234 set enforcement advice
    Set the enforcement type to advice. Authorization rules are checked but not enforced. Operations will succeed if the user does not have the necessary rights (role).
  • symauth -sid 1234 set enforcement enforce
    Set the enforcement type to enforce. Authorization rules are enforced. If a user does not have the necessary rights (role), operations will fail. This is the default setting.
  • symauth -sid 1234 set secure_reads disable
    Disable the secure reads. This will make authorization rules visible to all users.
  • symauth -sid 1234 set secure_reads enable
    Enable the secure reads. Users may only view authorization rules that apply to them. Only users with SECURITY_VIEW permissions (AUDITOR role) can view the full set of rules.
  • symauth -sid 1234 show -username
    Display current username that Solutions Enabler identifies as accessing the Symmetrix array. This command also displays all the groups to which the user belongs.
  • symauth list -components
    List the array components types that are supported to specify the access. Common components are Storage Groups and Thin pools.
  • symauth list -roles
    Lists the various user authorization roles available on a Symmetrix array along with a short description of that role.