I'm no scriptor so excuse me for any obvious things I may ask..
We have Virtual copies that get updated once a month.. I would like to provide a snippet of script to provide to the DB team to include in their refrsh scripts rather than have to be on a call once a month to run a few commands that take seconds..
My concern is passing information to them in the code that may give them access to the frame that they shouldnt have..
Curently I log into the CLI with a super user ID, and run the setusracl to grant permission to the user to run the updatevv command. then run the updatevv command itself..
If I create a user that has limited access to the frame, will it have the authorty for the setuseracl command?? and what level of access will allow these steps?
Thanks in advance for any help!
Kevin
Scripting of updateVV comand
Re: Scripting of updateVV comand
I probably didnt word that quite right..
Basically in order to run an updatevv command you have to first run a command to enable that user acct to run that command.. If I want to provide a basic edit account to the DB team to run the updatevv command how can I make the permissions stick to that user ID so that it doesnt have to be set before each command?
Or is it possible to allow super access on a user for only certain commands?
Basically in order to run an updatevv command you have to first run a command to enable that user acct to run that command.. If I want to provide a basic edit account to the DB team to run the updatevv command how can I make the permissions stick to that user ID so that it doesnt have to be set before each command?
Or is it possible to allow super access on a user for only certain commands?
- Richard Siemers
- Site Admin
- Posts: 1333
- Joined: Tue Aug 18, 2009 10:35 pm
- Location: Dallas, Texas
Re: Scripting of updateVV comand
Once you enable an account to run updatevv on the specific vvols, (or wildcard pattern), you're done... you do not need to re-issue the command every time.
Richard Siemers
The views and opinions expressed are my own and do not necessarily reflect those of my employer.
The views and opinions expressed are my own and do not necessarily reflect those of my employer.
Re: Scripting of updateVV comand
Thanks! Appreciate the help!!
I thought that I had encountered instances to where I had to reenter the Authorization each time.. I have tried it without the authorzation command the second time and it does work..
However, the user I created for the update script has to be in edit mode in order for the updatevv commad to work. This still allows for potential unwanted access doesnt it?
Or does an edit level user have to be authorized for each command?
I tried basic_edit but it will not allow it to updatevv even though that user was authorized by a super user..
I thought that I had encountered instances to where I had to reenter the Authorization each time.. I have tried it without the authorzation command the second time and it does work..
However, the user I created for the update script has to be in edit mode in order for the updatevv commad to work. This still allows for potential unwanted access doesnt it?
Or does an edit level user have to be authorized for each command?
I tried basic_edit but it will not allow it to updatevv even though that user was authorized by a super user..
Re: Scripting of updateVV comand
If it's repeated regularly could you not just add the process to the 3PAR internal scheduler ?
Re: Scripting of updateVV comand
It can't be scheduled in the 3par scheduler since the refresh has to happen when the server application team exports all of the copied volumes and puts teh DB in backup mode before the refresh takes place.. They have scripts to do all that but I need to give them access to the array to add the updatevv portion to their scripts..
I have been testing some more and have also discovered that once the user is given permission to run the command I still have to give permission again once I log out and log back in..
Is there a setting that makes these permissions persistent?
I have been testing some more and have also discovered that once the user is given permission to run the command I still have to give permission again once I log out and log back in..
Is there a setting that makes these permissions persistent?