Security and credential management

Contributors akseldavis Download PDF of this page

You can manage security in SnapManager by applying user authenticationand role-based access control (RBAC). The user authentication method allows you to access resources such as repositories, hosts, and profiles. RBAC allows you to restrict the operations that SnapManager can perform against the volumes and LUNs containing the data files in your database.

When you perform an operation using either the command-line interface (CLI) or graphical user interface (GUI), SnapManager retrieves the credentials set for repositories and profiles. SnapManager saves credentials from previous installations.

The repository and profiles can be secured with a password. A credential is the password configured for the user for an object, and the password is not configured on the object itself.

You can manage authentication and credentials by performing the following tasks:

  • Manage user authentication either through password prompts on operations or by using the smo credential set command.

    Set credentials for a repository, host, or profile.

  • View the credentials that govern the resources to which you have access.

  • Clear a user’s credentials for all resources (hosts, repositories, and profiles).

  • Delete a user’s credentials for individual resources (hosts, repositories, and profiles).

You can manage role-based access by performing the following tasks:

  • Enable RBAC for SnapManager by using SnapDrive.

  • Assign users to roles and set role capabilities by using the Operations Manager console.

  • Optionally, enable SnapManager to store encrypted passwords by editing the smo.config file.

If Protection Manager is installed, access to the features is affected in the following ways:

  • If Protection Manager is installed, when you create a database profile, SnapManager creates a dataset and populates the dataset with the volumes that contain the database files.

    After a backup operation, SnapManager keeps the dataset contents synchronized with the database files.

  • If Protection Manager is not installed, SnapManager cannot create a dataset and you cannot set protection on profiles.