Migration Scenario 1: Child pools exist on the system
In this scenario, child pools exist on the system and a security administrator can create the ownership group and assign it to the existing child pool. All volumes that are associated with the child pool automatically inherit the ownership group of that child pool.
The following graphics show a configuration
where child pools currently exist on the system and the process of assigning ownership groups to
these child pools. The first graphic represents the current configuration before ownership groups
are assigned to existing child pools. The second graphic shows the how some objects inherit the
ownership group of the child pools and how others need to be added explicitly.
Using the management GUI
To use ownership group with existing child
pools, complete the following steps:
- In the management GUI, select .
- On the Ownership Group page, select Create Ownership Group.
- On the Create Ownership Group page, enter a name for the ownership group and select Create.
- On the Ownership Group page, select Assign Child Pools.
- On the Assign Child Pools page, select the child pool that you want to add to the ownership group and click Assign. In the example, child pool0 is added to the ownership group. Because the volume inherits the ownership group of child pool0 automatically.
- If the system detects dependent resources for volumes that are within that child pool, the management GUI displays the Additional Resources to Add page where it lists hosts or host clusters that have mappings to volumes that inherit the ownership group. For example, in the preceding graphic, child pool0 is added to the ownership group and vol0 automatically inherits the ownership group of the child pool0. However, the host mapping between vol1 and host does not inherit the ownership group from vol0 because it also depends on the host. On the Additional Resources to Add page, select the host or host clusters to add to the ownership group. Click Proceed.
- On the Ownership Groups page, verify that the volumes and hosts are assigned to the new ownership group.
- In the example, pool1 also needs to be assigned to the same ownership group as pool0. Repeat this process for all child pools that you want ownership groups to manage access.
- After you have assigned ownership groups to all child pools, create a user group to include users that are the owners of the ownership group. Select Create User Group. and click
- On the Create User Group page, enter the following information:
- Name
- Enter the name of the user group.
- Role
- Select the role for all users within the user group. User groups that are assigned in ownership groups cannot use the Security Administrator role.
- Ownership Group
- Select the ownership group that you created earlier and assign it to this user group.
- On the page, select existing users or create new users to assign to the user group. These users automatically inherit the ownership group that is assigned to the user group. These users can now start creating objects like hosts and volumes within this ownership group, using capacity in the child pools that are assigned to the ownership group.
Using the command-line interface
To
assign an existing child pool to a new ownership group, complete these steps:
- To create the ownership group, enter the following
command:
where <name> is the name of the ownership group that you are creating.mkownershipgroup -name <name>
- To assign an existing child pool to the new ownership group, enter the following
command:
where <name> is the name of the child pool and <owner_name> is the name of the new ownership group. Any volumes that are associated with the child pool inherit the new ownership group. If other dependent resources are related to these volumes, you might need to assign the ownership group to these objects. In the example, pool0 is added to the ownership group and vol0 automatically inherits the ownership group of the child pool. However, the host mapping between vol1 and host does not inherit the ownership group from vol0 because it also depends on the host. In this case, the host needs to be added to the ownership group.chmdiskgrp -name <name> -ownershipgroup <owner_name>
- After you have create ownership groups, create a user group to include users that are the owners
of the ownership group. To create a user group, enter the following command:
where <group_name> is the name of the user group and <owner_name>is the name of the new ownership group. User groups that are assigned to ownership groups cannot use the SecurityAdmin role.mkusergrp -name <group_name> -role administator -ownershipgroup <owner_name>
Note: Do specify -remote yes for this user group. This value enables remote authentication with LDAP which is not supported with ownership groups. - You can use either the mkuser command to create new users in the user group or use the chuser to assign existing users to the user group. Users inherit the ownership group that was assigned to the user group. These users can now start creating objects like hosts and volumes within this ownership group, using capacity in the child pools that are assigned to the ownership group.
- Assign any dependent resources, such as hosts or host clusters, to the
ownership groups. To assign a host to the ownership group, enter the following
command:
where <name> is the name of the host and <owner_name> is the name of the new ownership group.chhost -name <name> -ownershipgroup <owner_name>
- If other objects, like vol1 in the FlashCopy mapping with vol0 exist on the system, the child pool that provides storage for that volume must be assigned to the same ownership group.