Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

User management and access control

You can manage users and control access to storage system resources. To perform operations on storage system resources, users must have the appropriate roles (execution permissions) and access permissions for the resources on which the operations are to be performed. Before using the REST API, users with the required roles and access permissions must be created. You must create resource and user groups, assign permissions, and create users before users can perform storage system operations.

Overview of user management and access control

To perform operations on storage system resources, users must have the appropriate roles (execution permissions) and access permissions for the resources on which the operations are to be performed. Before using the REST API, users with the required roles and access permissions must be created.

For storage systems, resource groups and user groups are used to manage the roles and access permissions of users.

  • Resource group

    Resource groups are used to classify and manage resources in the storage system. Only users who have access permissions for a resource group can perform operations on the resources (such as parity groups, LDEVs, and ports) that are added to that resource group.

  • User group

    User groups are used to group users who have the same roles and access permissions for the resources in the storage system. To specify the operations that users in a user group can perform, assign a role to the user group. To specify the resources that the users in a user group can access, assign a resource group to the user group.

  • Role

    Roles are execution permissions for resources. Roles are already set up, and the operations that users of each role can perform on resources are already defined. For details on the roles required to run a particular API request, see the description on that API request.

The users, user groups, and resource groups created by using the REST API can also be used from Hitachi Device Manager - Storage Navigator. Note that the types of characters that can be used for user IDs and passwords differ between the REST API and Hitachi Device Manager - Storage Navigator. To use Hitachi Device Manager - Storage Navigator to create users who can use the REST API, specify a user ID and password in accordance with the rules for the REST API.

For the user group name and resource group name, you can use the same characters as those that can be used when creating groups in Hitachi Device Manager - Storage Navigator.

For details about user management and access control for storage systems, see the System Administrator Guide.

Note
  • If a user uses the REST API to lock the resources of a storage system, operations on the users, user groups, or resource groups will no longer be able to be performed. In such a case, unlock the resources before performing these operations.
  • For the VSP 5000 series, it takes several minutes for the latest information to be applied to the cache after you create or delete a resource group or add or delete resources belonging to a resource group. For this reason, if you attempt to perform operations on user groups or users after performing any of these operations related to resource groups, the request might fail. If the request fails, wait for a while, and then run the request again.

User management and access control operations

The following table lists the user management and access control operations that can be performed from the REST API, as well as the storage systems for which each type of operation can be performed.

  • Operations for resource groups

    Target storage system

    Operation

    Creating and deleting resource groups

    Registering and deleting resources

    Getting a list of resource groups

    Getting information

    about a specific resource group

    VSP 5000 series

    Y

    Y

    Y

    Y

    E series, Gx00 or Fx00

    Y

    Y

    Y

    Y

    G1000, G1500, or F1500

    Y

    Y

    Y

    Y

    VSP or HUS VM

    N

    N

    Y#1

    N

  • Operations for user groups

    Target storage system

    Operation

    Creating and deleting user groups

    Changing user group settings

    (assigning roles, etc.)

    Assigning and releasing resource groups

    Getting a list of user groups

    Getting information

    about a specific user group

    VSP 5000 series

    Y

    Y

    Y

    Y

    Y

    E series, Gx00 or Fx00

    Y

    Y

    Y

    Y

    Y

    G1000, G1500, or F1500

    N

    N

    N

    Y

    Y

    VSP or HUS VM

    N

    N

    N

    N

    N

  • Operations for users

    Target storage system

    Operation

    Creating and deleting user accounts

    Changing passwords

    Registering and deleting user groups

    Getting a list of users

    Getting information

    about a specific user

    VSP 5000 series

    Y

    Y

    Y

    Y

    Y

    E series, Gx00 or Fx00

    Y

    Y#2

    Y

    Y

    Y

    G1000, G1500, or F1500

    Y

    Y

    Y

    Y

    Y

    VSP or HUS VM

    N

    N

    N

    N

    N

  • (Legend)

    Y: The operation can be performed from the REST API.

    N: The operation cannot be performed from the REST API.

#1: The types of information that can be obtained vary. For details, see the description of the API function for getting resource group information.

#2: If either of the following conditions is met, you can simultaneously change the user password that is registered in the Storage Device list on the SVP:

  • You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system whose microcode version is 83-05-2X-XX/XX or later.
  • You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system whose microcode version is 88-03-0X-XX/XX or later, and a linkage to the SVP is established in the configuration.
  • You are using a VSP E series storage system, and a linkage to the SVP is established in the configuration.

For operations that cannot be performed from the REST API, use Hitachi Device Manager - Storage Navigator.

Changing passwords of user accounts of VSP E series, VSP Gx00 models or VSP Fx00 models

You can use the REST API to manage the passwords of the following user accounts:

  1. The user accounts of the storage system

    These users perform operations on the storage system resources. Information about the users is stored on the storage system. These users are specified in the Authorization header of the REST API request.

  2. The user account registered in the Storage Device List

    This user is registered in the Storage Device List during initial setup of the SVP. Information about the user is stored on the SVP.

  3. The user accounts of the storage systems registered in the REST API server

    These users are specified in the Authorization header when a storage system is registered in the REST API server. Information about the users is stored on the REST API server.

GUID-254338ED-C2D4-40B8-84AB-751BF439428F-low.gif

If the same user account is registered in 1 and 2, you can change the password of the user account of 1 and 2 at the same time by using the API request for changing the password of the user. The request line of the API is as follows:

PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID

To change the password of a user account of 3, use the API request for changing information about a storage system. The request line of the API is as follows:

PUT base-URL/v1/objects/storages/storage-device-ID

If the user account of 1, 2, and 3 are the same, change the password of the user account of 1 and 2 first, and then change the password of the user account of 3.

If the user account registered in the Storage Device List is deleted by using the API request for deleting a user account, management software (such as the REST API and Storage Navigator) becomes unavailable.

Therefore, when performing operations, be careful of the order in which passwords are changed and the information about users that is used within the system.

Workflow for user management and access control

This section describes the workflow for creating users who will perform operations on storage systems and for setting access permissions for the resources necessary for those operations.

When using the REST API to create a user, specify a user group to which the user will belong. Assign, in advance, resource groups and roles to the user group based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.

The following figure shows the workflow for specifying user and access control settings. If you are using the meta_resource group or built-in user group, you do not need to configure the resource group or the user group.

GUID-90A9C5EC-28A5-4191-A95E-33FA8F35D208-low.gif

  • Set resource groups

    Create a resource group, and then add resources such as parity groups, LDEVs, and ports. Group resources by business or organization into units for controlling access.

  • Set user groups

    Create a user group. Assign resource groups and roles based on the types of resources on which the users in that user group can operate and the operation permissions of users in that user group.

  • Set users

    Create a user. Specify the user group to which the user will belong, and then add the user to that user group. The user then can use the resources in the resource groups assigned to the user group according to the assigned roles.

Input rules for user IDs and passwords

When creating users who will perform operations on storage systems from the REST API, specify user IDs and passwords consisting of the characters described in the following table.

If you want to include symbols in a request body, be sure to escape the symbols as required for JSON format.

Item

Number of characters

Specifiable characters

User ID

1 to 63 characters

You can use the following characters.#
  • Alphanumeric characters
  • The following symbols:

    ! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~

    • User IDs that contain forward slashes (/) cannot be used as object IDs.
    • User IDs that contain percent signs (%) or plus signs (+) cannot be used as object IDs for the following API requests:

      API request for adding users to user groups

      API request for removing users from user groups

Password

6 to 63 characters

You can use the following characters.#
  • Alphanumeric characters
  • ASCII symbols which can be keyed in except space:

    ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

#: For target storage systems whose microcode versions are earlier than those supported by Configuration Manager 8.6.2, if one of the following conditions is met, the specifiable characters might vary.

  • The storage system model is VSP G1000, VSP G1500, or VSP F1500, and SSL communication is used for communication with the REST API server.
  • The storage system model is VSP G200, G400, G600, G800, or VSP F400, F600, F800, and SSL communication (the DTLS SVP encrypted communication mode or the SSL TLS encrypted communication mode) is used for communication with the REST API server.
  • The storage system model is VSP G350, G370, G700, G900, or VSP F350, F370, F700, F900.

In this case, you can use the following characters for User ID.

  • Alphanumeric characters
  • The following symbols:

    - . / @ _

In this case, you can use the following characters for Password.

  • Alphanumeric characters
  • The following symbols:

    , - . / @ _ \

Note
  • When creating a user account that will not be used for the REST API but will be used for other products such as Storage Navigator, you can use the number of characters in the userId and userPassword attributes of the API function for creating a user account, and in the userPassword attribute of the API function for changing the password of the user.
    • The userId attribute: 1 to 256 characters
    • The userPassword attribute: 6 to 256 characters
    Specify the user ID and password according to input restrictions (specifiable characters and the required number of characters) of the software for which the user account will be used. Note that, if you create an account for which the user ID or password does not adhere to the input restrictions in the preceding table, you will not be able to use the account to run the REST API.
  • If you use Storage Navigator or another product to create a user account whose password includes a double quotation mark ("), you can use that user account to run the REST API. However, you cannot use the REST API to create a user account whose password includes a double quotation mark or to change a password to one that includes a double quotation mark.

Getting a list of resource groups

The following request gets information about resource groups registered in the storage system. The obtained information can be used to check the lock status of each resource group, as well as the user ID or the name of the host that locked a resource group. You can also use a query parameter to get information about only certain resources of interest.
Important

Note the following when executing this API request for storage systems of the following models: VSP E series, VSP G350, G370, G700, G900 and VSP F350, F370, F700, F900.

  • Pay attention to the number of concurrent executions of this API request. For details, see "Implementing retry processing".

  • In a configuration in which no linkage is established to the SVP, when configuration information of a storage system is updated, this API request is run on the Platform REST API server. While this API request is running, it might affect the execution of API requests for which the number of concurrent executions is restricted.
Execution permission

Storage Administrator (View Only)

Request line
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups
Request message
  • Object ID

    None.

  • Query parameters

    To filter execution results:

    Parameter

    Type

    Filter condition

    lockStatus

    string

    (Optional) Lock status of the resource group

    • Locked: Gets information about the locked resource groups

    • Unlocked: Gets information about the unlocked resource groups

    To get information about only certain types of resources in resource groups:

    You can reduce the request processing time by using the following query parameter to get information about only certain resources of interest.

    Parameter

    Type

    Filter condition

    attributes

    string

    (Optional) Type of resource for which information is to be obtained

    Information will be obtained about only resources corresponding to the specified attributes.

    To specify multiple attributes, separate the attributes by using commas.

    You can use this parameter in combination with the lockStatus parameter.

    • ldevIds: LDEV numbers

    • parityGroupIds: Parity group numbers

    • externalParityGroupIds: External parity group numbers

    • portIds: Port numbers

    • hostGroupIds: Object IDs of host groups or iSCSI targets

    If this parameter is omitted, information will be obtained about all of the attributes listed above.

    Information about attributes other than those listed above will be obtained regardless of the specification of this parameter.

    The following are examples of how to specify these query parameters in various situations.

    • To get the LDEV numbers of locked resource groups:

      ?lockStatus=Locked&attributes=ldevIds
    • To get the port numbers, and the object IDs of host groups or iSCSI targets for all resource groups:

      ?attributes=portIds,hostGroupIds
  • Body

    None.

Response message
  • Body

    The following is an example of output for Virtual Storage Platform or Unified Storage VM:

    {
      "data": [
        {
          "resourceGroupId": 0,
          "resourceGroupName": "meta_resource",
          "lockStatus": "Locked",
          "lockOwner": "devUser",
          "lockHost": "host01"
        },
        {
          "resourceGroupName": "sales_group_resource",
          "resourceGroupId": 1,
          "lockStatus": "Unlocked"
        }
      ]
    }
    

    The following is an example of output for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500:

    {
      "data": [
        {
          "resourceGroupId": 4,
          "resourceGroupName": "devResourceGroup",
          "lockStatus": "Locked",
          "lockOwner": "devUser",
          "lockHost": "host01",
          "virtualStorageId": 0,
          "ldevIds": [
            12,
            13
          ],
          "parityGroupIds": [
            "1-1",
            "1-2"
          ],
          "externalParityGroupIds": [
            "1-5",
            "1-6"
          ],
          "portIds": [
            "CL1-A",
            "CL1-B"
          ],
          "hostGroupIds": [
            "CL1-A,4",
            "CL1-A,5",
            "CL1-A,6"
          ]
        },
        {
          "resourceGroupId": 5,
          "resourceGroupName": "sales_group_resource",
          "lockStatus": "Unlocked",
          "virtualStorageId": 0,
          "ldevIds": [
            32,
            33
          ],
          "parityGroupIds": [
            "2-1",
            "2-2"
          ],
          "externalParityGroupIds": [
            "1-7",
            "1-8"
          ],
          "portIds": [
            "CL3-A"
          ],
          "hostGroupIds": [
            "CL3-A,1",
            "CL3-A,2"
          ]
        }
      ]
    }

    The following is an example of output when a request is run with the attributes query parameter specified, to get only information about port numbers and the object IDs of host groups or iSCSI targets:

    {
      "data": [
        {
          "resourceGroupId": 4,
          "resourceGroupName": "devResourceGroup",
          "lockStatus": "Locked",
          "lockOwner": "devUser",
          "lockHost": "host01",
          "virtualStorageId": 0,
          "portIds": [
            "CL1-A",
            "CL1-B"
          ],
          "hostGroupIds": [
            "CL1-A,4",
            "CL1-A,5",
            "CL1-A,6"
          ]
        },
        {
          "resourceGroupId": 5,
          "resourceGroupName": "sales_group_resource",
          "lockStatus": "Unlocked",
          "virtualStorageId": 0,
          "portIds": [
            "CL3-A"
          ],
          "hostGroupIds": [
            "CL3-A,1",
            "CL3-A,2"
          ]
        }
      ]
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    Resource group name

    resourceGroupId

    int

    Resource group ID

    lockStatus

    string

    Lock status of the resource group

    • Locked: The resource group is locked.
    • Unlocked: The resource group is unlocked.

    selfLock

    boolean

    Whether the session specified in the Authorization header locked the resource group

    • true: The specified session locked the resource group
    • false: Another session locked the resource group

    This attribute is output if the resource group is locked by a session that was generated by the same user who runs the API.

    lockOwner

    string

    User ID that locked the resource group

    This attribute is not output if the resource group is unlocked.

    lockHost

    string

    IP address or name of the host that locked the resource group

    If the resource group has been locked by the REST API, IP address or host name of one of the following is output:

    • SVP
    • GUM
    • Configuration Manager REST API server
    • Relay server when the communication mode of the Configuration Manager REST API server is proxyMode

    This attribute is output only when the resource group is locked.

    lockSessionId

    int

    Session ID that locked the resource group

    This attribute is output only when the resource group is locked and when a user who belongs to the Administrator user group (built-in user group) for the VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500 , or a maintenance user for Virtual Storage Platform or Unified Storage VM runs the API.

    virtualStorageId

    int

    ID of the virtual storage machine that corresponds to the resource group#

    ldevIds

    int[]

    LDEV number#

    parityGroupIds

    string[]

    Parity group number#

    externalParityGroupIds

    string[]

    External parity group number#

    portIds

    string[]

    Port number#

    hostGroupIds

    string[]

    Object ID of the host group or iSCSI target#

#: This attribute can be obtained only for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups

Getting information about a specific resource group

The following request gets information about the specified resource group. The obtained information can be used to check the lock status of a resource group, the user ID of the user who locked the resource group, or the name of the host that locked the resource group.
Execution permission

Storage Administrator (View Only)

Request line

GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 0 to 1023.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "resourceGroupId": 4,
      "resourceGroupName": "devResourceGroup",
      "lockStatus": "Locked",
      "lockOwner": "devUser",
      "lockHost": "host01",
      "virtualStorageId": 0,
      "ldevIds": [
        12,
        13
      ],
      "parityGroupIds": [
        "1-1",
        "1-2"
      ],
      "externalParityGroupIds": [
        "1-5",
        "1-6"
      ],
      "portIds": [
        "CL1-A",
        "CL1-B"
      ],
      "hostGroupIds": [
        "CL1-A,4",
        "CL1-A,5",
        "CL1-A,6"
      ]
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    Resource group name

    resourceGroupId

    int

    Resource group ID

    lockStatus

    string

    Lock status of the resource group

    • Locked: The resource group is locked.
    • Unlocked: The resource group is unlocked.

    selfLock

    boolean

    Whether the resource group was locked by the session specified in the Authorization header

    • true: The specified session locked the resource group.
    • false: Another session locked the resource group.

    This attribute is output when the resource group is locked by a session that was generated by the same user who runs the API.

    lockOwner

    string

    User ID of the user who locked the resource group

    This attribute is output only when the resource group is locked.

    lockHost

    string

    IP address or name of the host that locked the resource group

    If the resource group has been locked by the REST API, IP address or host name of one of the following is output:

    • SVP
    • GUM
    • Configuration Manager REST API server
    • Relay server when the communication mode of the Configuration Manager REST API server is proxyMode

    This attribute is output only when the resource group is locked.

    lockSessionId

    int

    Session ID of the session that locked the resource group

    This attribute is output only when the resource group is locked and the API was run by one of the following users: the user who belongs to the Administrator user group (built-in user group)(for VSP 5000 series, VSP E series, VSP Gx00 models, VSP G1000, VSP G1500, VSP Fx00 models, or VSP F1500).

    virtualStorageId

    int

    ID of the virtual storage machine that corresponds to the resource group

    ldevIds

    int[]

    LDEV number

    parityGroupIds

    string[]

    Parity group number

    externalParityGroupIds

    string[]

    External parity group number

    portIds

    string[]

    Port number

    hostGroupIds

    string[]

    Object ID of the host group or iSCSI target

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4

Creating a resource group

The following request creates resource groups. To add a resource group to a virtual storage machine, you must also specify the virtualStorageDeviceId attribute.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/storages/storage-device-ID/resource-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "resourceGroupName":"devResourceGroup",
      "virtualStorageDeviceId":"900000050001"
    }

    Attribute

    Type

    Description

    resourceGroupName

    string

    (Required) Resource group name

    Specify a name consisting of 1 to 32 characters.

    virtualStorageDeviceId

    string

    (Optional) Storage device ID of the virtual storage machine

    This attribute cannot be specified at the same time as the virtualStorageId attribute.

    If this attribute is omitted, the default storage device ID (the same storage device ID as that of the target physical storage system) will be set.

    virtualStorageId

    int

    (Optional) ID of the virtual storage machine that corresponds to the resource group

    This attribute cannot be specified at the same time as the virtualStorageDeviceId attribute.

    If this attribute is omitted, 0 will be set.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the created resource group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups

Adding a resource to a resource group

The following request adding resources to resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/add-resource/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    The following coding example shows how to specify an LDEV number:

    {
      "parameters": {
        "ldevIds": [
          2,
          3
        ],
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    The following coding example shows how to specify a range of LDEV numbers:

    {
      "parameters": {
        "startLdevId": 2,
        "endLdevId": 5,
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    Attribute

    Type

    Description

    parityGroupIds

    string[]

    (Optional) Parity group number

    externalParityGroupIds

    string[]

    (Optional) External parity group number

    portIds

    string[]

    (Optional) Port number

    hostGroupIds

    string[]

    (Optional) Object ID of the host group or iSCSI target

    Specify the value of hostGroupId that was obtained by the processing to get information about host groups or iSCSI targets.

    ldevIds

    int[]

    (Optional) LDEV number

    Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the startLdevId attribute or the endLdevId attribute.

    startLdevId

    int

    (Optional) First LDEV number

    When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the endLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

    endLdevId

    int

    (Optional) Last LDEV number

    When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the startLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the resource group to which resources are added

Action template
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/add-resource
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/add-resource

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/add-resource/invoke

Removing a resource from a resource group

The following request removes resources that are no longer necessary from resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/remove-resource/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    The following coding example shows how to specify an LDEV number:

    {
      "parameters": {
        "ldevIds": [
          2,
          3
        ],
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-5",
          "1-6"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    The following coding example shows how to specify a range of LDEV numbers:

    {
      "parameters": {
        "startLdevId": 2,
        "endLdevId": 5,
        "parityGroupIds": [
          "1-1",
          "1-2"
        ],
        "externalParityGroupIds": [
          "1-7",
          "1-8"
        ],
        "portIds": [
          "CL1-A",
          "CL1-B"
        ],
        "hostGroupIds": [
          "CL1-A,4",
          "CL1-A,5",
          "CL1-A,6"
        ]
      }
    }

    Attribute

    Type

    Description

    parityGroupIds

    string[]

    (Optional) Parity group number

    externalParityGroupIds

    string[]

    (Optional) External parity group number

    portIds

    string[]

    (Optional) Port number

    hostGroupIds

    string[]

    (Optional) Object ID of the host group or iSCSI target

    Specify the value of hostGroupId that was obtained by the processing to get information about host groups or iSCSI targets.

    ldevIds

    int[]

    (Optional) LDEV number

    Specify a value in the range from 0 to 65279. If you specify this attribute, you cannot specify the startLdevId attribute or the endLdevId attribute.

    startLdevId

    int

    (Optional) First LDEV number

    When specifying a range of LDEVs, specify a value in the range from 0 to 65278. If you specify this attribute, you must also specify the endLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

    endLdevId

    int

    (Optional) Last LDEV number

    When specifying a range of LDEVs, specify a value in the range from 1 to 65279. If you specify this attribute, you must also specify the startLdevId attribute. If you specify the ldevId attribute, you cannot specify this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the resource group from which resources were removed

Action template
GET base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID/actions/remove-resource
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/remove-resource

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4/actions/remove-resource/invoke

Deleting a resource group

The following request deletes unnecessary resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/storages/storage-device-ID/resource-groups/object-ID
Request message
  • Object ID

    Specify the value of resourceGroupId that was obtained by the processing to get information about resource groups.

    Attribute

    Type

    Description

    resourceGroupId

    int

    (Required) Resource group ID

    Specify a decimal (base 10) number in the range from 1 to 1023.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the description on job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted resource group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/resource-groups/4

Getting a list of user groups

The following request gets a list of user groups registered in the target storage system.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/storages/storage-device-ID/user-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "data": [
        {
          "userGroupObjectId": "devGroup",
          "userGroupId": "devGroup",
          "roleNames": [
            "Audit Log Administrator (View & Modify)"
          ],
          "resourceGroupIds": [
            1,
            2,
            3
          ],
          "isBuiltIn": false,
          "hasAllResourceGroup": false
        },
        {
          "userGroupObjectId": "adminGroup",
          "userGroupId": "adminGroup",
          "roleNames": [
            "Audit Log Administrator (View & Modify)",
            "Security Administrator (View & Modify)",
            "Storage Administrator (Initial Configuration)",
            "Storage Administrator (Local Copy)",
            "Storage Administrator (Performance Management)",
            "Storage Administrator (Provisioning)",
            "Storage Administrator (Remote Copy)",
            "Storage Administrator (System Resource Management)"
          ],
          "isBuiltIn": false,
          "hasAllResourceGroup": true
        }
      ]
    }
    

    Attribute

    Type

    Description

    userGroupObjectId

    string

    The object ID for a user group ID

    An encoded character string is output if the user group ID includes reserved characters defined in RFC3986.

    userGroupId

    string

    The user group ID

    roleNames

    string[]

    The role name assigned to the user group

    resourceGroupIds

    int[]

    The IDs of the resource groups assigned to the user group

    isBuiltIn

    boolean

    Information about whether the user group is a built-in user group.

    • true: A built-in user group.

    • false: A user group created by a user.

    hasAllResourceGroup

    boolean

    Information about whether all the resource groups are assigned to the target.

    • true: All the resource groups are assigned.

    • false: The specified resource groups are assigned.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups

Getting information about a specific user group

The following request gets information about the specified user group.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "userGroupObjectId": "devGroup",
      "userGroupId": "devGroup",
      "roleNames":[
        "Security Administrator (View Only)"
      ],
      "resourceGroupIds": [
        1,
        2,
        3
      ],
      "isBuiltIn":false,
      "hasAllResourceGroup":false
    }

    Attribute

    Type

    Description

    userGroupObjectId

    string

    The object ID for a user group ID

    An encoded character string is output if the user group ID includes reserved characters defined in RFC 3986.

    userGroupId

    string

    The user group ID

    roleNames

    string[]

    The role name assigned to the user group

    resourceGroupIds

    int[]

    The IDs of the resource groups assigned to the user group

    isBuiltIn

    boolean

    Information about whether the user group is a built-in user group.

    • true: A built-in user group.

    • false: A user group created by a user.

    hasAllResourceGroup

    boolean

    Information about whether all the resource groups are assigned to the target.

    • true: All the resource groups are assigned.

    • false: The specified resource groups are assigned.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup

Creating a user group

The following request creates a user group and assigns an appropriate role and resource groups.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/storages/storage-device-ID/user-groups
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "userGroupId":"devGroup",
      "roleNames":[
        "Storage Administrator (Provisioning)"
      ],
      "resourceGroupIds": [
        8,
        9
      ],
      "hasAllResourceGroup":false
    }

    Attribute

    Type

    Description

    userGroupId

    string

    (Required) The user group ID

    Specify an ID consisting of 1 to 64 characters.

    roleNames

    string[]

    (Required) The role name

    Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.

    You must specify Storage Administrator (View Only).

    • Audit Log Administrator (View & Modify)#

    • Audit Log Administrator (View Only)#

    • Security Administrator (View & Modify)#

    • Security Administrator (View Only)#

    • Storage Administrator (Initial Configuration)

    • Storage Administrator (Local Copy)

    • Storage Administrator (Performance Management)

    • Storage Administrator (Provisioning)

    • Storage Administrator (Remote Copy)

    • Storage Administrator (System Resource Management)

    • Storage Administrator (View Only)

    • Support Personnel#

    • User Maintenance#

    #: If you specify this role, be sure to specify true for hasAllResourceGroup.

    resourceGroupIds

    int[]

    (Optional) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas. This cannot be specified if the hasAllResourceGroup attribute is true.

    hasAllResourceGroup

    boolean

    (Required) Information about whether all the resource groups are assigned to the target.

    If the roles specified for roleNames include any of the following roles, be sure to specify true for this attribute.

    • Audit Log Administrator (View & Modify)

    • Audit Log Administrator (View Only)

    • Security Administrator (View & Modify)

    • Security Administrator (View Only)

    • Support Personnel

    • User Maintenance

    If the roles specified for roleNames does not include any of these roles, be sure to specify false for this attribute.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the created user group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups

Changing the user group settings

The following request sets a user group ID and a role of the specified user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID

You can run this API request in a PATCH method.

Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    The following coding example shows how to change the user group ID:

    {
      "userGroupId":"adminGroup"
    }
    

    The following coding example shows how to change a role:

    {
      "roleNames":[
        "Storage Administrator (Provisioning)",
        "Storage Administrator (Local Copy)"  
      ]
    }

    Only one attribute can be specified in one request.

    Attribute

    Type

    Description

    userGroupId

    string

    (Optional) The user group ID

    Specify an ID consisting of 1 to 64 characters.

    hasAllResourceGroup

    boolean

    (Optional) Information about whether all the resource groups are assigned to the target.

    If the roles specified for roleNames include any of the following roles, be sure to specify true for this attribute.

    • Audit Log Administrator (View & Modify)

    • Audit Log Administrator (View Only)

    • Security Administrator (View & Modify)

    • Security Administrator (View Only)

    • Support Personnel

    • User Maintenance

    If the roles specified for roleNames does not include any of these roles, be sure to specify false for this attribute.

    roleNames

    string[]

    (Optional) The role name

    Specify one or more of the following role names. The role names are case sensitive. If you specify multiple role names, delimit the names by commas.

    You must specify Storage Administrator (View Only).

    • Audit Log Administrator (View & Modify)#

    • Audit Log Administrator (View Only)#

    • Security Administrator (View & Modify)#

    • Security Administrator (View Only)#

    • Storage Administrator (Initial Configuration)

    • Storage Administrator (Local Copy)

    • Storage Administrator (Performance Management)

    • Storage Administrator (Provisioning)

    • Storage Administrator (Remote Copy)

    • Storage Administrator (System Resource Management)

    • Storage Administrator (View Only)

    • Support Personnel#

    • User Maintenance#

    #: If you specify this role, be sure to specify true for hasAllResourceGroup.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group on which settings are changed

Action template

None.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup

Assigning resource groups to a user group

The following request assigns resource groups to a created user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/add-resource-group/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "resourceGroupIds": [
          1,
          2
        ]
      }
    }
    

    Attribute

    Type

    Description

    resourceGroupIds

    int[]

    (Required) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group to which resource groups are assigned

Action template
GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/add-resource-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/add-resource-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/add-resource-group/invoke

Releasing resource groups assigned to a user group

The following request releases resource groups assigned to a user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/remove-resource-group/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "resourceGroupIds": [
          1,
          2
        ]
      }
    }

    Attribute

    Type

    Description

    resourceGroupIds

    int[]

    (Required) The resource group IDs

    Specify one or more decimal (base 10) numbers within the range of 0 to 1023. If you specify multiple IDs, delimit the IDs by commas.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user group where assignment of resource groups is released

Action template
GET base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID/actions/remove-resource-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/remove-resource-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup/actions/remove-resource-group/invoke

Deleting a user group

The following request deletes an unneeded user group. The request cannot delete a user group if the user group is assigned to a user.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/storages/storage-device-ID/user-groups/object-ID
Request message
  • Object ID

    Set the userGroupObjectId value obtained by getting the information about the user group.

    Attribute

    Type

    Description

    userGroupObjectId

    string

    (Required) The object ID for a user group ID

    The object ID is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted user group

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/user-groups/devGroup

Getting a list of users

The following request gets a list of user information registered on the target storage system.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/storages/storage-device-ID/users
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "data": [
        {
          "userObjectId": "devUser",
          "userId": "devUser",
          "authentication": "local",
          "userGroupNames": [
            "Audit Log Administrator (View Only) User Group",
            "Storage Administrator (View & Modify) User Group"
          ],
          "isBuiltIn": false,
          "isAccountStatus": true
        },
        {
          "userObjectId": "adminUser",
          "userId": "adminUser",
          "authentication": "local",
          "userGroupNames": [
            "Administrator User Group"
          ],
          "isBuiltIn": false,
          "isAccountStatus": true
        }
      ]
    }
    

    Attribute

    Type

    Description

    userObjectId

    string

    Object ID of the user ID

    If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.

    userId

    string

    User ID

    userGroupNames

    string[]

    User group name

    isBuiltIn

    boolean

    Whether the user account is built-in

    • true: Indicates a built-in user account

    • false: Indicates that the account is created by the user

    isAccountStatus

    boolean

    Status of the user account
    • true: The user account is valid

    • false: The user account is invalid

    authentication

    string

    Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users

Getting information about a specific user

The following request gets information about the specified user.
Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    {
      "userObjectId": "devUser",
      "userId": "devUser",
      "authentication": "local",
      "userGroupNames": [
        "Audit Log Administrator (View Only) User Group",
        "Storage Administrator (View & Modify) User Group"
      ],
      "isBuiltIn": false,
      "isAccountStatus": true
    }

    Attribute

    Type

    Description

    userObjectId

    string

    Object ID of the user ID

    If the user ID contains a reserved character defined in RFC 3986, the encoded character string is output.

    userId

    string

    User ID

    userGroupNames

    string[]

    User group name

    isBuiltIn

    boolean

    Whether the user account is built-in

    • true: Indicates a built-in user account

    • false: Indicates that the account is created by the user

    isAccountStatus

    boolean

    Status of the user account
    • true: The user account is valid

    • false: The user account is invalid

    authentication

    string

    Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser

Creating a user account

The following request creates a user account and assigns the user to user groups where appropriate permissions are specified. User accounts created by using the REST API can be used in Hitachi Device Manager - Storage Navigator.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

POST base-URL/v1/objects/storages/storage-device-ID/users
Request message
  • Object ID

    None.

  • Query parameters

    None.

  • Body

    {
      "userId": "devUser",
      "authentication": "local",
      "userPassword":"devPassword",
      "userGroupNames": [
        "Audit Log Administrator (View Only) User Group",
        "Storage Administrator (View & Modify) User Group"
      ]
    }

    Attribute

    Type

    Description

    userId

    string

    (Required) User ID

    For details about the number of characters that can be specified for user IDs and the characters that can be used, see the description about input rules for user IDs and passwords.

    userPassword

    string

    (Optional) Password

    The password cannot be specified if the authentication attribute is external.

    For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters. You can specify up to 8 group names.

    authentication

    string

    (Required) Set authentication

    • local: Authorized by the storage system

    • external: Authorized by the external authentication server#

    #: To authenticate users on an external authentication server, specify the settings on the SVP so that the external authentication server. For details, see the System Administrator Guide.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the created user

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X POST --data-binary @./InputParameters.json https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/

Changing the password of the user

The following request changes the password of a user account that performs operations on the storage system resources. The password cannot be changed for the user who is authorized by the external authentication server.

If either of the following conditions is met, and the specified user account is also registered in the storage information of the Storage Device List on the SVP, you can also change the password of the user account registered in the Storage Device List at the same time:

  • You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system whose microcode version is 83-05-2X-XX/XX or later.
  • You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system whose microcode version is 88-03-0X-XX/XX or later, and a linkage to the SVP is established in the configuration.
  • You are using a VSP E series storage system, and a linkage to the SVP is established in the configuration.
Important
  • If you change a password registered in the Storage Device List, the management software running on the SVP will restart. As a result, management software (such as the REST API and Storage Navigator) becomes temporarily unavailable. You can use the software again after the job is complete.
  • When changing the password of a user account registered in the Storage Device List, we strongly recommend specifying Completed for the Response-Job-Status in the request header. If Completed is not specified and processing for the storage system fails, information about communication errors might not be correctly obtained.
  • The user ID and password that were used to register a storage system to the REST API server are stored on the REST API server. To change such a password, in addition to executing the API request for changing the password of the user, you will also need to change the information stored on the REST API server by executing the API request for changing information about a storage system.
  • If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID

You can run this API request in a PATCH method.

Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    To change the password of a user account of a storage system:

    {
      "userPassword":"userPass"
    }

    To simultaneously change the password of a user account of a storage system and the password of a user account registered in the Storage Device List:

    (Example of using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system)

    {
      "userPassword":"userPass",
      "changesStorageDeviceListPassword":true,
      "mappWebServerHttpsPort":20443
    }

    To simultaneously change the password of a user account of a storage system and the password of a user account registered in the Storage Device List:

    (Example of using a VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system with linkage to the SVP established in the configuration)

    {
      "userPassword":"userPass",
      "changesStorageDeviceListPassword":true
    }

    Attribute

    Type

    Description

    userPassword

    string

    (Required) New password

    For details about the number of characters that can be specified for passwords and the characters that can be used, see the description about input rules for user IDs and passwords.

    If true is specified for the attribute changesStorageDeviceListPassword, follow the rules for creating a user account that performs operations on storage systems from the REST API.

    changesStorageDeviceListPassword

    boolean

    (Optional) Whether to change the password of a user account registered in the Storage Device List

    You can use this attribute when either of the following conditions is met:

    • You are using a VSP G200, G400, G600, G800, VSP F400, F600, F800 storage system.
    • You are using a VSP G350, G370, G700, G900, VSP F350, F370, F700, F900 storage system, and linkage to the SVP is established in the configuration.
    • You are using a VSP E series storage system, and linkage to the SVP is established in the configuration.

    If this attribute is specified, the password of a user account of the storage system and the password of a user account registered in the Storage Device List are simultaneously changed.

    • true: Change the password in the Storage Device List

    • false: Do not change the password in the Storage Device List

    If this attribute is omitted, false is assumed.

    mappWebServerHttpsPort

    int

    (Optional) Port number used by the SVP for HTTPS communication

    You can use this attribute for VSP G200, G400, G600, G800, VSP F400, F600, F800.

    Specify this attribute if changesStorageDeviceListPassword is true and if you are either using non-SSL communication or using SSL communication in DTLS encryption communication mode.

    If you are using non-SSL communication or DTLS encryption communication mode and you omit this attribute, 443 will be set.

    If you are using SSL communication in DTLS SVP encrypted communication mode or SSL TLS encrypted communication mode between the REST API server and the storage system, you cannot specify this attribute, because this attribute requires the use of the port registered in the storage system.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user whose password was changed

Action template

None.

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser

Adding users to user groups

To add a user to a user group, assign the user group to the user object.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/add-user-group/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "userGroupNames": [
          "System User Group"
        ]
      }
    }
    

    Attribute

    Type

    Description

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters.

    The following are the maximum numbers of user groups to which one user can belong:

    • For VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900: 8
    • For VSP 5000 series, VSP G1000, VSP G1500, VSP F1500: 8
    • For VSP G200, G400, G600, G800, VSP F400, F600, F800: 1
Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user who was added to the user group

Action template
GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/add-user-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/add-user-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/add-user-group/invoke

Removing users from user groups

To remove a user from a user group, specify the user group that is associated with that user, and then release that user group from the user object. If only one user group is associated with a particular user, the user cannot be removed from that user group.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line
PUT base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/remove-user-group/invoke

You can run this API request in a POST method.

Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    {
      "parameters": {
        "userGroupNames": [
          "System User Group"
        ]
      }
    }

    Attribute

    Type

    Description

    userGroupNames

    string[]

    (Required) User group name

    Specify a name consisting of 1 to 64 characters.

    The following are the maximum numbers of user groups to which one user can belong:

    • For VSP E series, VSP G350, G370, G700, G900, VSP F350, F370, F700, F900: 8
    • For VSP 5000 series, VSP G1000, VSP G1500, VSP F1500: 8
    • For VSP G200, G400, G600, G800, VSP F400, F600, F800: 1
Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the user who was removed from the user group

Action template
GET base-URL/v1/objects/storages/storage-device-ID/users/object-ID/actions/remove-user-group
Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example

To get an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X GET https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/remove-user-group

To run the request after getting an action template:

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" --data-binary @./InputParameters.json -X PUT https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser/actions/remove-user-group/invoke

Deleting a user account

The following request deletes unnecessary user accounts. Built-in user accounts of the storage system cannot be deleted.
Note

If you locked any resources of the target storage system by using the REST API, you will not be able to use this API function. In such cases, unlock the resources before running the API function.

Execution permission

Security Administrator (View & Modify)

Request line

DELETE base-URL/v1/objects/storages/storage-device-ID/users/object-ID
Request message
  • Object ID

    Specify the userObjectId value obtained by getting information about the user.

    Attribute

    Type

    Description

    userObjectId

    string

    (Required) Object ID of the user ID

    The name is case sensitive.

  • Query parameters

    None.

  • Body

    None.

Response message
  • Body

    A job object is returned. For details on attributes other than affectedResources, see the section explaining job objects.

    Attribute

    Description

    affectedResources

    URL of the deleted user account

Status codes

For details on the status codes of the request for this operation, see the description on HTTP status codes.

Coding example
curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session b74777a3-f9f0-4ea8-bd8f-09847fac48d3" -X DELETE https://192.0.2.100:23451/ConfigurationManager/v1/objects/storages/836000123456/users/devUser