Overview of user management and access control

REST API Reference Guide for Virtual Storage Platform 5000, Virtual Storage Platform E Series, and Virtual Storage Platform G/F Series

To perform operations on storage system resources, users must have the appropriate roles (execution permissions) and access permissions for the resources on which the operations are to be performed. Before using the REST API, users with the required roles and access permissions must be created.

For storage systems, resource groups and user groups are used to manage the roles and access permissions of users.

Resource group
Resource groups are used to classify and manage resources in the storage system. Only users who have access permissions for a resource group can perform operations on the resources (such as parity groups, LDEVs, and ports) that are added to that resource group.

User group
User groups are used to group users who have the same roles and access permissions for the resources in the storage system. To specify the operations that users in a user group can perform, assign a role to the user group. To specify the resources that the users in a user group can access, assign a resource group to the user group.

Roles are execution permissions for resources. Roles are already set up, and the operations that users of each role can perform on resources are already defined. For details on the roles required to run a particular API request, see the description of that API request.

Users whose accounts were created by using the maintenance utility or Hitachi Device Manager - Storage Navigator can also execute REST API requests. If you want to use other storage management software to create user accounts that can execute REST API requests, specify the user IDs and passwords in accordance with the rules for the REST API.

If you are using Hitachi Device Manager - Storage Navigator, any users, user groups, and resource groups that were created by using the REST API can also be used from Hitachi Device Manager - Storage Navigator.

For details about user management and access control for storage systems, see the System Administrator Guide.

  • If a user uses the REST API to lock the resources of a storage system, operations on users, user groups, or resource groups can no longer be performed. In such a case, unlock the resources before performing these operations.
  • For the VSP 5000 series, it takes several minutes for the latest information to be applied to the cache after you create or delete a resource group or add or delete resources belonging to a resource group. For this reason, if you attempt to perform operations on user groups or users after performing any of these operations related to resource groups, the request might fail. If the request fails, wait for a while, and then run the request again.