The customer i'm working with has set up the user authentification on their VMAX environnement with the symcli command "symauth". I wonder if VASA will use SE in order to collect and pass information to VMware.
If it is the case, i would need to know what kind of rights to give to SMI-S for (VASA) in order for it to work correctly even if user authentification is in place.
If anyone know, it would be greatly appreciated,
Solved! Go to Solution.
It should work fine with the current symauth configuration.
To further confirm, I enabled symauth in my lab then created a new user on the Windows machine where SMI-S/ECOM is installed. added it to symauth with role Monitor. I made this user has rights to start/stop the ECOM service.
I restarted the ECOM service with the new user and everything worked fine with no issues even after deleting the user from symauth.
I checked also ECOM documents and there was nothing mentioned there about symauth just symacl.
SMI-S provider makes direct symapi calls, so symauth doesn't affect its functionality, only symacl does.
As Drew pointed out, you just need an ECOM user with vmadmin role for communication to VASA
Thank you much for all your answers. Thank for pointing out that there is stuff to look at when working with symacl. Customer wishes to limit AIX servers that will be using SNAPs.
So i'll keep in mind to configure "symacl" on the server having the SMI-S provider.