ADVERTISEMENT
Full list of Articles and Utilities
- BCV Creationemc
- Dynamic Vs Static SRDFemc
- EMC Quick Linksemc
- Simple Clone Operationsemc
- Solution Enabler Symcli Commandsemc
- Solution Enabler Symcli Question Bankemc
- SRDF Operationsemc
- Symdev Command to BIND and UNBINDemc
- Virtual Provisioning in VMaxemc
- VMax Allocation Stepsemc
- VMax3 and PowerMax Allocation Stepsemc
- VMax3 and PowerMax Deallocation Stepsemc
- CONVERT - Cylinders «-» GBemc
- CONVERT - Hex «-» Decimalemc
- DECODE - EMC FA WWPNemc
- DECODE - SYMM Device NAAemc
- ENCODE - EMC FA WWPNemc
- ENCODE - SYMM Device NAAemc
- GENERATE - Device Rangesemc
- GENERATE - Hex Numbersemc
- REMOVE - Duplicate Devicesemc
- SEPARATE - Devices By Commasemc
- SORT - Hex Numbersemc
- WWN - Remove or Add Colonsemc
- CREATE - Bindingemc
- CREATE - Initiator Groupemc
- CREATE - Mappingemc
- CREATE - Masking Viewemc
- CREATE - Meta Deviceemc
- CREATE - Port Goupemc
- CREATE - Storage Groupemc
- CREATE - Thin Deviceemc
- CREATE - Thin Device RDFemc
- DELETE - All Groupsemc
- DELETE - Bindingemc
- DELETE - Deviceemc
- DELETE - Mappingemc
- DELETE - Masking Viewemc
- DELETE - Thin Deviceemc
- DISOLVE - Meta Headsemc
- UPDATE - Device Attributeemc
- UPDATE - Device Groupemc
- UPDATE - Device Statusemc
- UPDATE - Storage Groupemc
- VMAX-3 Allocationemc
- Pure Flash Storage Provisioningpure
- Pure FlashArray Modelspure
- Pure Storage CLI Commandspure
- Pure Storage CLI Question Bankpure
- CREATE - Hostpure
- CREATE - Volumepure
- CREATE - Volume Connectionpure
- DELETE - Volumepure
- DELETE - Volume Connectionpure
- CISCO MDS CLI Question Bankcisco
- CISCO MDS Show Commandscisco
- Cisco MDS Zoning Quick Reference Guidecisco
- CREATE - Zoningcisco
symauth commands
The symauth command is used to sets up or updates Symmetrix user authorization information.
Below list contains some of the most useful symauth command examples.
-
symauth -sid 1234 -file add_a_role_to_user_for_component.txt commit
add_a_role_to_user_for_component.txt
------------------------
add user H:Server1\User1 to role LocalRep for StorGrp SG_Server1;
Add a Storage LocalRep role to User1 on Storage Group SG_Server1. Only LocalRep, RemoteRep and DeviceManage roles can be assigned to a Storage Group component.Copied -
symauth -sid 1234 -file assign_role_to_domain_user.txt commit
assign_role_to_domain_user.txt
------------------------------
assign user D:mydomain\User1 to role StorageAdmin;
Assign StorageAdmin role to the AD user User1Copied -
symauth -sid 1234 -file assign_role_to_group.txt commit
assign_role_to_group.txt
------------------------
assign group D:mydomain\mygroup to role StorageAdmin;
Assign StorageAdmin role group mygroup that is part of mydomainCopied -
symauth -sid 1234 -file assign_role_to_local_user.txt commit
assign_role_to_local_user.txt
---------------
assign user H:Server1\User1 to role StorageAdmin;
Assign StorageAdmin role to the local user User1 of Server1Copied -
symauth -sid 1234 -file assign_role_user.txt commit
assign_role_user.txt
-------------------
assign user User1 to role StorageAdmin;
Assign StorageAdmin role user User1. User1 may be a local user or a domain user.Copied -
symauth -sid 1234 -file delete_all_roles_of_group.txt commit
delete_all_roles_of_user.txt
------------------------
delete group D:mydomain\mygroup;
Delete all the roles assigned to user User1Copied -
symauth -sid 1234 -file delete_all_roles_of_user.txt commit
delete_all_roles_of_user.txt
------------------------
delete user H:Server1\User1;
Delete all the roles assigned to user User1Copied -
symauth -sid 1234 -file delete_a_role_of_group.txt commit
delete_a_role_of_group.txt
------------------------
remove group D:mydomainmygroup from role StorageAdmin;
Remove a particular role assigned to a groupCopied -
symauth -sid 1234 -file delete_a_role_of_user.txt commit
delete_a_role_of_user.txt
------------------------
remove user H:Server1User1 from role StorageAdmin;
Remove a particular role assigned to a userCopied -
symauth -sid 1234 -file re_assign_role_of_group.txt commit
re_assign_role_of_group.txt
------------------------
reassign group D:mydomain\mygroup to role Monitor;
Re assign role of group mygroup to MonitorCopied -
symauth -sid 1234 -file re_assign_role_of_user.txt commit
re_assign_role_of_user.txt
------------------------
reassign group D:mydomain\User1 to role Monitor;
Re assign role of Domain user User1 to MonitorCopied -
symauth -sid 1234 backup -f BackupFileSave the contents of the user and group authorization database from Symmetrix array 1234 to the file called BackupFileCopied
-
symauth -sid 1234 disableDisable user authorization in Symmetrix array 1234.Copied
-
symauth -sid 1234 enableEnable user authorization in Symmetrix array 1234. We must have created at least one mapping for a user to Admin or SecurityAdmin before this.Copied
-
symauth -sid 1234 listDisplay the Symmetrix user authorization state Enabled or Disabled in array 1234. This command also shows the timestamp when it is last enabled, disabled and updated.Copied
-
symauth -sid 1234 list -usersList the users and groups currently defined on the Symmetrix array 1234 along with their corresponding role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_domainLiss the users and groups currently defined on the Symmetrix array 1234 sorted by user-group domain. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_roleList the users and groups currently defined on the Symmetrix array 1234 sorted by role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_userList the users and groups currently defined on the Symmetrix array 1234 sorted by the user name. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -current_userList the current user accessing the Symmetrix array 1234 along with its corresponding role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 set enforcement adviceSet the enforcement type to advice. Authorization rules are checked but not enforced. Operations will succeed if the user does not have the necessary rights (role).Copied
-
symauth -sid 1234 set enforcement enforceSet the enforcement type to enforce. Authorization rules are enforced. If a user does not have the necessary rights (role), operations will fail. This is the default setting.Copied
-
symauth -sid 1234 set secure_reads disableDisable the secure reads. This will make authorization rules visible to all users.Copied
-
symauth -sid 1234 set secure_reads enableEnable the secure reads. Users may only view authorization rules that apply to them. Only users with SECURITY_VIEW permissions (AUDITOR role) can view the full set of rules.Copied
-
symauth -sid 1234 show -usernameDisplay current username that Solutions Enabler identifies as accessing the Symmetrix array. This command also display all the groups to which the user belongs.Copied
-
symauth list -componentsList the array components types that are supported to specify the access. Common components are Storage Groups and Thin pools.Copied
-
symauth list -rolesList the various user authorization roles available on a Symmetrix array along with a short description of that role.Copied
Roles and Scope
Role | Description |
---|---|
None | Has no rights. |
Monitor | Performs read-only operations on a Symmetrix array excluding the ability to read the audit log or Access Control definitions. |
PerfMonitor | Includes Monitor role permissions and grants additional privileges within the performance component of Unisphere for VMAX application to setup various alerts and update thresholds to monitor Symmetrix performance. |
StorageAdmin | Performs all management operations on a Symmetrix array or on individual components within an array. This is the only role that can be given access rights to specific components within an array and is limited to Virtualization domain users. |
SecurityAdmin | Performs security operations (symaudit, symacl, symauth) on a Symmetrix array in addition to all monitor operations. Users or groups assigned the SecurityAdmin or Admin roles can create or delete component-specific authorization rules. |
Admin | Performs all operations on a Symmetrix array, including security operations, in addition to all monitor operations, and including application performance monitor privileges. Has both StorageAdmin and SecurityAdmin rights. |
Auditor | Grants the ability to view, but not modify, security settings for a Symmetrix array (including reading the audit log, symacl list, and symauth) in addition to all monitor operations. This is the minimum role required to view the Symmetrix audit log. |
-
symauth -sid 1234 -file add_a_role_to_user_for_component.txt commit
add_a_role_to_user_for_component.txt
------------------------
add user H:Server1\User1 to role LocalRep for StorGrp SG_Server1;
Add a Storage LocalRep role to User1 on Storage Group SG_Server1. Only LocalRep, RemoteRep and DeviceManage roles can be assigned to a Storage Group component.Copied -
symauth -sid 1234 -file assign_role_to_domain_user.txt commit
assign_role_to_domain_user.txt
------------------------------
assign user D:mydomain\User1 to role StorageAdmin;
Assign StorageAdmin role to the AD user User1Copied -
symauth -sid 1234 -file assign_role_to_group.txt commit
assign_role_to_group.txt
------------------------
assign group D:mydomain\mygroup to role StorageAdmin;
Assign StorageAdmin role group mygroup that is part of mydomainCopied -
symauth -sid 1234 -file assign_role_to_local_user.txt commit
assign_role_to_local_user.txt
---------------
assign user H:Server1\User1 to role StorageAdmin;
Assign StorageAdmin role to the local user User1 of Server1Copied -
symauth -sid 1234 -file assign_role_user.txt commit
assign_role_user.txt
-------------------
assign user User1 to role StorageAdmin;
Assign StorageAdmin role user User1. User1 may be a local user or a domain user.Copied -
symauth -sid 1234 -file delete_all_roles_of_group.txt commit
delete_all_roles_of_user.txt
------------------------
delete group D:mydomain\mygroup;
Delete all the roles assigned to user User1Copied -
symauth -sid 1234 -file delete_all_roles_of_user.txt commit
delete_all_roles_of_user.txt
------------------------
delete user H:Server1\User1;
Delete all the roles assigned to user User1Copied -
symauth -sid 1234 -file delete_a_role_of_group.txt commit
delete_a_role_of_group.txt
------------------------
remove group D:mydomainmygroup from role StorageAdmin;
Remove a particular role assigned to a groupCopied -
symauth -sid 1234 -file delete_a_role_of_user.txt commit
delete_a_role_of_user.txt
------------------------
remove user H:Server1User1 from role StorageAdmin;
Remove a particular role assigned to a userCopied -
symauth -sid 1234 -file re_assign_role_of_group.txt commit
re_assign_role_of_group.txt
------------------------
reassign group D:mydomain\mygroup to role Monitor;
Re assign role of group mygroup to MonitorCopied -
symauth -sid 1234 -file re_assign_role_of_user.txt commit
re_assign_role_of_user.txt
------------------------
reassign group D:mydomain\User1 to role Monitor;
Re assign role of Domain user User1 to MonitorCopied -
symauth -sid 1234 backup -f BackupFileSave the contents of the user and group authorization database from Symmetrix array 1234 to the file called BackupFileCopied
-
symauth -sid 1234 disableDisable user authorization in Symmetrix array 1234.Copied
-
symauth -sid 1234 enableEnable user authorization in Symmetrix array 1234. We must have created at least one mapping for a user to Admin or SecurityAdmin before this.Copied
-
symauth -sid 1234 listDisplay the Symmetrix user authorization state Enabled or Disabled in array 1234. This command also shows the timestamp when it is last enabled, disabled and updated.Copied
-
symauth -sid 1234 list -usersList the users and groups currently defined on the Symmetrix array 1234 along with their corresponding role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_domainLiss the users and groups currently defined on the Symmetrix array 1234 sorted by user-group domain. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_roleList the users and groups currently defined on the Symmetrix array 1234 sorted by role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -by_userList the users and groups currently defined on the Symmetrix array 1234 sorted by the user name. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 list -users -current_userList the current user accessing the Symmetrix array 1234 along with its corresponding role. This also shows if the access limited any specific components.Copied
-
symauth -sid 1234 set enforcement adviceSet the enforcement type to advice. Authorization rules are checked but not enforced. Operations will succeed if the user does not have the necessary rights (role).Copied
-
symauth -sid 1234 set enforcement enforceSet the enforcement type to enforce. Authorization rules are enforced. If a user does not have the necessary rights (role), operations will fail. This is the default setting.Copied
-
symauth -sid 1234 set secure_reads disableDisable the secure reads. This will make authorization rules visible to all users.Copied
-
symauth -sid 1234 set secure_reads enableEnable the secure reads. Users may only view authorization rules that apply to them. Only users with SECURITY_VIEW permissions (AUDITOR role) can view the full set of rules.Copied
-
symauth -sid 1234 show -usernameDisplay current username that Solutions Enabler identifies as accessing the Symmetrix array. This command also display all the groups to which the user belongs.Copied
-
symauth list -componentsList the array components types that are supported to specify the access. Common components are Storage Groups and Thin pools.Copied
-
symauth list -rolesList the various user authorization roles available on a Symmetrix array along with a short description of that role.Copied
Most viewed articles
- Solution Enabler Symcli Question BankHow To guide for Solution Enabler Comman ...
- SRDF OperationsVarious SRDF operations and Commands exp ...
- VMax3 and PowerMax Allocation StepsStorage Allocation procedure for a VMax3 ...