Configuring Custom Permissions
User-defined Role Configurations
For different storage resources, refer to the following configurations:
- For NAS resources, configure the minimum permissions by referring to Table 1.
- For SAN resources, configure the minimum permissions by referring to Table 2.
For details about how to configure permissions for user-defined roles, see OceanStor Dorado 6000, Dorado 18000 Series Product Documentation.
Table 1 Minimum permissions for NAS resources
Permission Object | Parent Object | Read/Write Permission | Function |
---|---|---|---|
workload_type | file_storage_service | Read-only | Queries the workload type. |
file_system | file_storage_service | Read and write | Manages file systems. |
fs_snapshot | file_storage_service | Read and write | Manages file system snapshots. |
quota | file_storage_service | Read and write | Manages file system quotas. |
nfs_service | file_storage_service | Read-only | Queries NFS services. |
share | file_storage_service | Read and write | Manages NFS shares. |
dtree | file_storage_service | Read and write | Manages dtrees. |
hyper_metro_pair | hyper_metro | Read and write | Creates file system HyperMetro pairs. |
hyper_metro_domain | hyper_metro | Read-only | Queries information about file system HyperMetro domains. |
remote_device | local_data_protection | Read-only | Queries remote device information. |
storage_pool | pool | Read-only | Queries storage pool information. |
smart_qos | resource_performance_tuning | Read and write | Manages SmartQoS policies. |
system | system | Read-only | Queries storage device information (this object needs to be configured only when the owning group is the system group). |
vstore | vstore | Read-only | Queries vStore information. |
port | network | Read-only | Queries logical port information. |
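
A user-defined role can drift from the Table 1 minimum over time, so the following added example (not code from the product documentation) compares a role's grants with that baseline and reports missing permissions, write access where read-only is enough, and objects outside the baseline. The `granted` mapping shape, the `audit_role` name and the sample role are assumptions made for illustration; the storage system's own export format is not shown on this page.

```python
# Table 1 baseline (NAS): (object, parent) -> minimum access.
# "ro" = Read-only, "rw" = Read and write.
NAS_MINIMUM = {
    ("workload_type", "file_storage_service"): "ro",
    ("file_system", "file_storage_service"): "rw",
    ("fs_snapshot", "file_storage_service"): "rw",
    ("quota", "file_storage_service"): "rw",
    ("nfs_service", "file_storage_service"): "ro",
    ("share", "file_storage_service"): "rw",
    ("dtree", "file_storage_service"): "rw",
    ("hyper_metro_pair", "hyper_metro"): "rw",
    ("hyper_metro_domain", "hyper_metro"): "ro",
    ("remote_device", "local_data_protection"): "ro",
    ("storage_pool", "pool"): "ro",
    ("smart_qos", "resource_performance_tuning"): "rw",
    ("system", "system"): "ro",
    ("vstore", "vstore"): "ro",
    ("port", "network"): "ro",
}
SYSTEM_KEY = ("system", "system")  # needed only when the owning group is the system group


def audit_role(granted, owning_group_is_system):
    """Return deviations of a role's grants from the Table 1 minimum.

    granted: {(object, parent): "ro" | "rw"}; hypothetical shape, to be built
    from whatever the array reports for the role.
    """
    required = dict(NAS_MINIMUM)
    if not owning_group_is_system:
        required.pop(SYSTEM_KEY)  # baseline omits it outside the system group
    findings = {"missing": [], "insufficient": [], "excess_write": []}
    for key, need in required.items():
        have = granted.get(key)
        if have is None:
            findings["missing"].append(key)
        elif need == "rw" and have == "ro":
            findings["insufficient"].append(key)
        elif need == "ro" and have == "rw":
            findings["excess_write"].append(key)
    findings["not_in_baseline"] = sorted(k for k in granted if k not in required)
    return findings


# Constructed sample role: the baseline with three deliberate deviations.
# ("example_extra_object", "example_parent") is a made-up placeholder object.
SAMPLE_ROLE = {**NAS_MINIMUM, ("storage_pool", "pool"): "rw",
               ("example_extra_object", "example_parent"): "rw"}
del SAMPLE_ROLE[("quota", "file_storage_service")]
```
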
Table 2 Minimum permissions for SAN resources
Permission Object | Parent Object | Read/Write Permission | Function |
---|---|---|---|
remote_device | local_data_protection | Read-only | Queries remote device information. |
hyper_clone | local_data_protection | Read and write | Manages clone pairs. |
lun_snapshot | local_data_protection | Read and write | Manages LUN snapshots. |
workload_type | lun | Read-only | Queries the workload type. |
lun | lun | Read and write | Manages LUNs. |
host | mapping_view | Read and write | Manages hosts. |
host_group | mapping_view | Read and write | Manages host groups. |
initiator | mapping_view | Read and write | Manages initiators. |
lun_group | mapping_view | Read and write | Manages LUN groups. |
mapping_view | mapping_view | Read and write | Manages mapping views. |
target | mapping_view | Read-only | Queries iSCSI initiators. |
port | network | Read-only | Queries logical ports. |
storage_pool | pool | Read-only | Queries storage pool information. |
smart_qos | resource_performance_tuning | Read and write | Manages SmartQoS policies. |
system | system | Read-only | Queries storage device information (this object needs to be configured only when the owning group is the system group). |
vstore | vstore | Read-only | Queries vStore information. |