Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Encryption Administrator’s Guide 17
53-1001201-04
User privileges overview
2
TABLE 2 Role-based access control privileges and descriptions
Privilege Description No Privilege Read-Only Read/Write
Storage Encryption
Configuration
Allows you to configure
storage encryption
configuration, including
selecting storage
devices and LUNs,
viewing and editing
switch, group, or engine
properties, viewing and
editing storage device
encryption properties,
and initiating manual
LUN re-keying.
Disables LUN re-keying,
enabling or disabling
the encryption engine,
zeroizing an encryption
engine, restoring a
master key, smart card
operations, creating and
backing up master keys,
enabling encryption
functions after a power
cycle, and modifying
settings on the
Encryption Group
Properties Security tab.
Disables all functions
from the Configure
Encryption dialog box
except view.
Enables the following functions from the
Configure Encryption dialog box:
• View and edit switch, group, or engine
properties
• View and edit the Encryption Group
Properties Security tab
• View and edit encryption targets, hosts,
and LUNs
• Create a new encryption group or add a
switch to an existing encryption group
• Edit group engine properties (except for
the Security tab)
• Add targets
• Select encryption targets and LUNs to
be encrypted or edit LUN encryption
settings
• Edit encryption target hosts
configuration.
Storage Encryption
Key Operations
Allows you to configure
storage encryption key
operations, including
initiating a manual LUN
re-keying, enabling an
disabling encryption
engines, zeroizing an
encryption engine,
restoring a master key,
and operating smart
cards.
Disables creating a new
encryption group or
adding a switch to an
existing group, editing
group engine properties,
adding targets and
selecting targets and
LUNs to be encrypted or
edited, and editing
encryption target hosts.
Disables creating and
backing up master keys,
enabling encryption
functions after a power
cycle, and modifying
settings on the
Encryption Group
Properties Security tab.
Disables all functions
from the Configure
Encryption dialog box
except view.
Enables the following functions from the
Configure Encryption dialog box:
• View and edit switch, group, or engine
properties
• View and edit the Encryption Group
Properties Security tab.
• View encryption targets, hosts, and
LUNs.
• Create and backup a master key.
• Enable encryption functions after a
power cycle.
• Modify settings on the Encryption Group
Properties Security tab (quorum size
and authentication cards list)
Storage Encryption
Security
Allows you to create and
backup master keys,
enable encryption
functions after a power
cycle, and modify
settings on the
Encryption Group
Properties Security tab
(quorum size and
authentication cards
list).
Disables creating a new
encryption group or
adding a switch to an
existing group, editing
group engine properties,
adding targets and
selecting targets and
LUNs to be encrypted or
edited, and editing
encryption target hosts.
Disables LUN re-keying,
enabling or disabling
the encryption engine,
zeroizing an encryption
engine, restoring a
master key, smart card
operations.
Disables all functions
from the Configure
Encryption dialog box
except view.
Enables the following functions from the
Configure Encryption dialog box:
• View and edit switch, group, or engine
properties
• View the Encryption Group Properties
Security tab
• View encryption targets, hosts, and
LUNs
• Create a master key
• Backup a master key
• Enable encryption functions after a
power cycle
• Modify settings on the Encryption Group
Properties Security tab (quorum size
and authentication cards list)