When EMC re-did their group/role mappings for Celerra Administrative Roles, back in 2008 or so (When DART 5.6 was released), they had a chance to create a new set of group/roles that totally make sense. And for the most part they do, but does anyone else see something wrong with this picture?
So with the security in Celerra, Roles and Groups have a One to One relationship. You can see that the fullnas group is mapped to the Nasadmin role. The nasadmin group is mapped to the Operator role. ?!?!?!??! To me, it would have made a lot more sense to create an operator group and map the Operator role to that. Maybe I am just being a bit OCD about this, but it just bothers me that the entire scheme looks relatively clean, and they had an opportunity to make it just so perfect, but left in this confusing point.
Now, why are some of the Role Names capitalized and others not? I have no idea. But I must say this. EMC Education does a hell of a job cranking out a great amount of material. So sometimes typo’s exist and things are actually correct(ed) in the OS, and other times they are just the messenger and have nothing to do with the design of the system (actually, that’s probably most cases).
I have been impressed in watching the advancements of the Celerra from a few years ago until now morphing into the VNX. Things have always improved greatly. I am not a heavy user of RBAC, simply because I look at it more like there are two options: Those that should have access and those who should not :). Obviously we design things for customers based on their requirements but I like to have an educated group who have access, and then not have to worry about those that don’t. When I say educated, I don’t mean they are the Grand Master at all things, Celerra in this case, but that they understand enough to know there are things they should touch and things they should not.
If you don’t know much about Celerra, you shouldn’t be doing something like following commands that start off with you doing “export NAS_DB_DEBUG=1”.