ADVERTISEMENT

symauth commands

The symauth command is used to sets up or updates Symmetrix user authorization information.

Below list contains some of the most useful symauth command examples.

  • symauth -sid 1234 -file add_a_role_to_user_for_component.txt commit

    add_a_role_to_user_for_component.txt
    ------------------------
    add user H:Server1\User1 to role LocalRep for StorGrp SG_Server1;


    Add a Storage LocalRep role to User1 on Storage Group SG_Server1. Only LocalRep, RemoteRep and DeviceManage roles can be assigned to a Storage Group component.
    Copied

  • symauth -sid 1234 -file assign_role_to_domain_user.txt commit

    assign_role_to_domain_user.txt
    ------------------------------
    assign user D:mydomain\User1 to role StorageAdmin;


    Assign StorageAdmin role to the AD user User1
    Copied

  • symauth -sid 1234 -file assign_role_to_group.txt commit

    assign_role_to_group.txt
    ------------------------
    assign group D:mydomain\mygroup to role StorageAdmin;


    Assign StorageAdmin role group mygroup that is part of mydomain
    Copied

  • symauth -sid 1234 -file assign_role_to_local_user.txt commit

    assign_role_to_local_user.txt
    ---------------
    assign user H:Server1\User1 to role StorageAdmin;


    Assign StorageAdmin role to the local user User1 of Server1
    Copied

  • symauth -sid 1234 -file assign_role_user.txt commit

    assign_role_user.txt
    -------------------
    assign user User1 to role StorageAdmin;


    Assign StorageAdmin role user User1. User1 may be a local user or a domain user.
    Copied

  • symauth -sid 1234 -file delete_all_roles_of_group.txt commit

    delete_all_roles_of_user.txt
    ------------------------
    delete group D:mydomain\mygroup;


    Delete all the roles assigned to user User1
    Copied

  • symauth -sid 1234 -file delete_all_roles_of_user.txt commit

    delete_all_roles_of_user.txt
    ------------------------
    delete user H:Server1\User1;


    Delete all the roles assigned to user User1
    Copied

  • symauth -sid 1234 -file delete_a_role_of_group.txt commit

    delete_a_role_of_group.txt
    ------------------------
    remove group D:mydomainmygroup from role StorageAdmin;


    Remove a particular role assigned to a group
    Copied

  • symauth -sid 1234 -file delete_a_role_of_user.txt commit

    delete_a_role_of_user.txt
    ------------------------
    remove user H:Server1User1 from role StorageAdmin;


    Remove a particular role assigned to a user
    Copied

  • symauth -sid 1234 -file re_assign_role_of_group.txt commit

    re_assign_role_of_group.txt
    ------------------------
    reassign group D:mydomain\mygroup to role Monitor;


    Re assign role of group mygroup to Monitor
    Copied

  • symauth -sid 1234 -file re_assign_role_of_user.txt commit

    re_assign_role_of_user.txt
    ------------------------
    reassign group D:mydomain\User1 to role Monitor;


    Re assign role of Domain user User1 to Monitor
    Copied

  • symauth -sid 1234 backup -f BackupFile

    Save the contents of the user and group authorization database from Symmetrix array 1234 to the file called BackupFile
    Copied

  • symauth -sid 1234 disable

    Disable user authorization in Symmetrix array 1234.
    Copied

  • symauth -sid 1234 enable

    Enable user authorization in Symmetrix array 1234. We must have created at least one mapping for a user to Admin or SecurityAdmin before this.
    Copied

  • symauth -sid 1234 list

    Display the Symmetrix user authorization state Enabled or Disabled in array 1234. This command also shows the timestamp when it is last enabled, disabled and updated.
    Copied

  • symauth -sid 1234 list -users

    List the users and groups currently defined on the Symmetrix array 1234 along with their corresponding role. This also shows if the access limited any specific components.
    Copied

  • symauth -sid 1234 list -users -by_domain

    Liss the users and groups currently defined on the Symmetrix array 1234 sorted by user-group domain. This also shows if the access limited any specific components.
    Copied

  • symauth -sid 1234 list -users -by_role

    List the users and groups currently defined on the Symmetrix array 1234 sorted by role. This also shows if the access limited any specific components.
    Copied

  • symauth -sid 1234 list -users -by_user

    List the users and groups currently defined on the Symmetrix array 1234 sorted by the user name. This also shows if the access limited any specific components.
    Copied

  • symauth -sid 1234 list -users -current_user

    List the current user accessing the Symmetrix array 1234 along with its corresponding role. This also shows if the access limited any specific components.
    Copied

  • symauth -sid 1234 set enforcement advice

    Set the enforcement type to advice. Authorization rules are checked but not enforced. Operations will succeed if the user does not have the necessary rights (role).
    Copied

  • symauth -sid 1234 set enforcement enforce

    Set the enforcement type to enforce. Authorization rules are enforced. If a user does not have the necessary rights (role), operations will fail. This is the default setting.
    Copied

  • symauth -sid 1234 set secure_reads disable

    Disable the secure reads. This will make authorization rules visible to all users.
    Copied

  • symauth -sid 1234 set secure_reads enable

    Enable the secure reads. Users may only view authorization rules that apply to them. Only users with SECURITY_VIEW permissions (AUDITOR role) can view the full set of rules.
    Copied

  • symauth -sid 1234 show -username

    Display current username that Solutions Enabler identifies as accessing the Symmetrix array. This command also display all the groups to which the user belongs.
    Copied

  • symauth list -components

    List the array components types that are supported to specify the access. Common components are Storage Groups and Thin pools.
    Copied

  • symauth list -roles

    List the various user authorization roles available on a Symmetrix array along with a short description of that role.
    Copied

[ view all commands ]

Roles and Scope

RoleDescription
None Has no rights.
MonitorPerforms read-only operations on a Symmetrix array excluding the ability to read the audit log or Access Control definitions.
PerfMonitorIncludes Monitor role permissions and grants additional privileges within the performance component of Unisphere for VMAX application to setup various alerts and update thresholds to monitor Symmetrix performance.
StorageAdminPerforms all management operations on a Symmetrix array or on individual components within an array. This is the only role that can be given access rights to specific components within an array and is limited to Virtualization domain users.
SecurityAdmin Performs security operations (symaudit, symacl, symauth) on a Symmetrix array in addition to all monitor operations. Users or groups assigned the SecurityAdmin or Admin roles can create or delete component-specific authorization rules.
Admin Performs all operations on a Symmetrix array, including security operations, in addition to all monitor operations, and including application performance monitor privileges. Has both StorageAdmin and SecurityAdmin rights.
AuditorGrants the ability to view, but not modify, security settings for a Symmetrix array (including reading the audit log, symacl list, and symauth) in addition to all monitor operations. This is the minimum role required to view the Symmetrix audit log.