Hi Richard,

Yes SC can initiate all APIs through DFM proxy which means users would need access to the scServer or run their own scServer. This is limitted however to things Snap Creator does which I think was clear by your statment. So you cant just send any API or CLI command to DFM server through Snap Creator.

As for support in GUI, you are correct in 3.4 it is only supported through CLI. In 3.5 which releases on Jan 12 2012 it will also be fully supported in GUI. We also added RBAC capabilities in SC itself for those who want to control things more granular so that combo + DFM proxy makes an interesting use case

Regards,

Keith

Thanks for the reply. If I ever get it working well then perhaps I will document it for everyone's benefit.

Richard

What are the minimum rights for the OM user if you use USE_PROXY=Y?

Cant seem to find any document on that.

I created one with all of these like a GolbalSnapcreator user.

I guess i can trial end error my way but i am lazy.

Which of them can i remove and still have all SC functionality?

DFM.Alarm.Delete, DFM.Alarm.Read, DFM.Alarm.Write, DFM.BackupManager.Backup, DFM.BackupManager.Failover, DFM.BackupManager.Read, DFM.BackupManager.Restore, DFM.ConfigManagement.Delete, DFM.ConfigManagement.Read, DFM.ConfigManagement.Write, DFM.Console.Execute, DFM.Core.AccessCheck, DFM.Core.Control, DFM.Core.Delegate, DFM.Database.Delete, DFM.Database.Read, DFM.Database.Write, DFM.DataSet.Create, DFM.DataSet.Delete, DFM.DataSet.Write, DFM.Event.Read, DFM.Event.Write, DFM.Mirror.PolicyControl, DFM.Mirror.Read, DFM.PerfThreshTemplate.Read, DFM.PerfThreshTemplate.Write, DFM.PerfView.Delete, DFM.PerfView.RealTimeRead, DFM.PerfView.Write, DFM.Policy.Delete, DFM.Policy.Read, DFM.Policy.Write, DFM.Quota.FullControl, DFM.Report.Delete, DFM.Report.Read, DFM.Report.Write, DFM.Resource.Control, DFM.ResourcePool.Provision, DFM.SAN.FullControl, DFM.Schedule.Delete, DFM.Schedule.Read, DFM.Schedule.Write, DFM.SRM.Read, DFM.StorageService.Attach, DFM.StorageService.Delete, DFM.StorageService.Detach, DFM.StorageService.Read, DFM.StorageService.Write, SD.Config.Delete, SD.Config.Read, SD.Config.Write, SD.Snapshot.Clone, SD.Snapshot.Delete, SD.Snapshot.DestroyUnrestrictedClone, SD.Snapshot.DisruptBaseline, SD.Snapshot.Read, SD.Snapshot.Restore, SD.Snapshot.UnrestrictedClone, SD.Snapshot.Write, SD.Storage.Delete, SD.Storage.Read, SD.Storage.Write

What are the minimum rights for the OM user if you use USE_PROXY=Y?

Cant seem to find any document on that.

I created one with all of these like a GolbalSnapcreator user.

I guess i can trial end error my way but i am lazy.

Which of them can i remove and still have all SC functionality?

DFM.Alarm.Delete, DFM.Alarm.Read, DFM.Alarm.Write, DFM.BackupManager.Backup, DFM.BackupManager.Failover, DFM.BackupManager.Read, DFM.BackupManager.Restore, DFM.ConfigManagement.Delete, DFM.ConfigManagement.Read, DFM.ConfigManagement.Write, DFM.Console.Execute, DFM.Core.AccessCheck, DFM.Core.Control, DFM.Core.Delegate, DFM.Database.Delete, DFM.Database.Read, DFM.Database.Write, DFM.DataSet.Create, DFM.DataSet.Delete, DFM.DataSet.Write, DFM.Event.Read, DFM.Event.Write, DFM.Mirror.PolicyControl, DFM.Mirror.Read, DFM.PerfThreshTemplate.Read, DFM.PerfThreshTemplate.Write, DFM.PerfView.Delete, DFM.PerfView.RealTimeRead, DFM.PerfView.Write, DFM.Policy.Delete, DFM.Policy.Read, DFM.Policy.Write, DFM.Quota.FullControl, DFM.Report.Delete, DFM.Report.Read, DFM.Report.Write, DFM.Resource.Control, DFM.ResourcePool.Provision, DFM.SAN.FullControl, DFM.Schedule.Delete, DFM.Schedule.Read, DFM.Schedule.Write, DFM.SRM.Read, DFM.StorageService.Attach, DFM.StorageService.Delete, DFM.StorageService.Detach, DFM.StorageService.Read, DFM.StorageService.Write, SD.Config.Delete, SD.Config.Read, SD.Config.Write, SD.Snapshot.Clone, SD.Snapshot.Delete, SD.Snapshot.DestroyUnrestrictedClone, SD.Snapshot.DisruptBaseline, SD.Snapshot.Read, SD.Snapshot.Restore, SD.Snapshot.UnrestrictedClone, SD.Snapshot.Write, SD.Storage.Delete, SD.Storage.Read, SD.Storage.Write

  magnus.nyvall    Dec 7, 2011 4:01 AM   (in response to rmharwood)       

What are the minimum rights for the OM user if you use USE_PROXY=Y?

We have only tested "Global Full Control"

You need to do two things to use DFM Proxy

1) create user with global full control

2) Add storage system login credentials, this is where you configure what user ther DFM server will use when communicating with storage

Which of them can i remove and still have all SC functionality?

Like I said we only tested "Global Full Control" but the following should be a minimum

DFM.BackupManager.Backup, DFM.BackupManager.Read, DFM.BackupManager.Restore, DFM.Console.Execute, DFM.Core.AccessCheck, DFM.Core.Control, DFM.Core.Delegate, DFM.Database.Read, DFM.Database.Write, DFM.DataSet.Create,  DFM.DataSet.Write, DFM.Event.Read, DFM.Event.Write, DFM.Mirror.PolicyControl, DFM.Mirror.Read,  DFM.Policy.Delete, DFM.Policy.Read, DFM.Policy.Write,DFM.Schedule.Read

You might even be able to get it to work with just

DFM.Console.Execute,DFM.DataSet.Create,  DFM.DataSet.Write, DFM.Event.Read, DFM.Event.Write

Regards,

Keith