| We have four access permissions: full access, Virtual Write, read-only and refuse.
Full Access: Client has both read and write rights, it treats the target as local disk.
Virtual Write: Allows the writing in read-only disks, but the writing results only take effect for the user himself.
Read-Only: Client only has the read right, it can not write any data to disk.
Refuse: The Logging on to the target is forbidden.
There are four authorization modes: Anonymous, CHAP , IP Filter and Mixed.
Anonymous: All initiators will get full access permission without any authorization required.
CHAP: All initiators need to specify a CHAP user and secret to connect to the target. iStorage Server has a built-in user called “Guest”, which is used for initiators without CHAP secret specified.
IP Filter: All initiators will be authorized by the incoming IP address defined by IP Filter roles.
Mixed: Security policy is determined by both CHAP and IP Filters.
If you check "Global Authorization", all client security roles are form global settings, otherwise, each client will has it's own permission.
Notes:
• The Anonymous mode initiators will have full access permission.
• The client has the guest user's permission when it's anonymous log on to the target with CHAP authorization mode, if the guest user is deleted, the
client will be refused to log on.
• Guest user has the Virtual Write permission on a target which has enabled Virtual
Write feature by default, otherwise, it has the read-only permission.
• When guest user belong to a group, it has the same permission as the group.
• When we add any address to IP Filter, All initiators will gain the same permission as we set.
• Access permission is upgradable, that means, if a initiator meet more than one roles, it will upgrade
the access permission to highest, permission order: Refused < Read-only < Virtual-Write < Full-Access.
|
