Scripting of updateVV comand

Post Reply
kevgrn114
Posts: 11
Joined: Tue Jan 13, 2015 2:52 pm

Scripting of updateVV comand

Post by kevgrn114 »

I'm no scriptor so excuse me for any obvious things I may ask.. :-)

We have Virtual copies that get updated once a month.. I would like to provide a snippet of script to provide to the DB team to include in their refrsh scripts rather than have to be on a call once a month to run a few commands that take seconds..

My concern is passing information to them in the code that may give them access to the frame that they shouldnt have..
Curently I log into the CLI with a super user ID, and run the setusracl to grant permission to the user to run the updatevv command. then run the updatevv command itself..

If I create a user that has limited access to the frame, will it have the authorty for the setuseracl command?? and what level of access will allow these steps?

Thanks in advance for any help!

Kevin
kevgrn114
Posts: 11
Joined: Tue Jan 13, 2015 2:52 pm

Re: Scripting of updateVV comand

Post by kevgrn114 »

I probably didnt word that quite right..

Basically in order to run an updatevv command you have to first run a command to enable that user acct to run that command.. If I want to provide a basic edit account to the DB team to run the updatevv command how can I make the permissions stick to that user ID so that it doesnt have to be set before each command?

Or is it possible to allow super access on a user for only certain commands?
User avatar
Richard Siemers
Site Admin
Posts: 1333
Joined: Tue Aug 18, 2009 10:35 pm
Location: Dallas, Texas

Re: Scripting of updateVV comand

Post by Richard Siemers »

Once you enable an account to run updatevv on the specific vvols, (or wildcard pattern), you're done... you do not need to re-issue the command every time.
Richard Siemers
The views and opinions expressed are my own and do not necessarily reflect those of my employer.
kevgrn114
Posts: 11
Joined: Tue Jan 13, 2015 2:52 pm

Re: Scripting of updateVV comand

Post by kevgrn114 »

Thanks! Appreciate the help!!
I thought that I had encountered instances to where I had to reenter the Authorization each time.. I have tried it without the authorzation command the second time and it does work..

However, the user I created for the update script has to be in edit mode in order for the updatevv commad to work. This still allows for potential unwanted access doesnt it?
Or does an edit level user have to be authorized for each command?

I tried basic_edit but it will not allow it to updatevv even though that user was authorized by a super user..
JohnMH
Posts: 505
Joined: Wed Nov 19, 2014 5:14 am

Re: Scripting of updateVV comand

Post by JohnMH »

If it's repeated regularly could you not just add the process to the 3PAR internal scheduler ?
kevgrn114
Posts: 11
Joined: Tue Jan 13, 2015 2:52 pm

Re: Scripting of updateVV comand

Post by kevgrn114 »

It can't be scheduled in the 3par scheduler since the refresh has to happen when the server application team exports all of the copied volumes and puts teh DB in backup mode before the refresh takes place.. They have scripts to do all that but I need to give them access to the array to add the updatevv portion to their scripts..

I have been testing some more and have also discovered that once the user is given permission to run the command I still have to give permission again once I log out and log back in..

Is there a setting that makes these permissions persistent?
Post Reply