Solutions Enabler :Symcli 命令失败,并显示错误“Symmetrix access control denied the request”

Summary: Symcli 命令失败,并显示错误“Symmetrix access control denied the request”

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

阵列同时启用

了 symauth 和 symacl 在symapi.log中发现以下错误: 
08/05/2022 00:33:34.580 15624 17628 EMC:SYMCFG read_authz_file Error reading Authz rules from array: 000497xxxxxx - 2545

08/05/2022 00:33:35.511 9944 20468 EMC:SYMSNAPVX read_authz_file Error reading Authz rules from array: 000497xxxxxx - 2545

08/05/2022 00:33:36.527 9944 20468 EMC:SYMSNAPVX read_authz_file Error reading Authz rules from array: 000497xxxxxx - 2545

08/05/2022 00:33:37.543 9944 20468 EMC:SYMSNAPVX read_authz_file Error reading Authz rules from array: 000497xxxxxx - 2545

08/05/2022 00:33:38.558 9944 20468 EMC:SYMSNAPVX Failed to load information. remote: 0, remote_hop_num: 0, retries: 3, sts: SYMAPI_C_ACCESS_DENIED - error msg: Symmetrix access control denied the request

08/05/2022 00:33:39.426 19788 20016 EMC:SYMSNAPVX read_authz_file Error reading Authz rules from array: 000497xxxxxx - 2545
以上错误表示 symauth 存在问题。但是,已检查 
 "symauth show -username"
并验证在 
 "symauth -sid <SID> list -users"
 还检查了 
"symacl -sid <sid> show accgroup Admingrp"
并验证主机是否属于 symacl AdminGrp。

尝试通过运行来同步 
"symcfg sync -sid <SID>"
但是,同步失败,并显示错误 “Symmetrix access control denied the request”。

Cause

SYMACL 访问问题

Resolution

运行 
"symacl -sid XXX show accgroup AdminGrp -acl"
并检查 AdminGrp 是否具有必要的访问类型 
C:\>symacl -sid XXX show accgroup AdminGrp -acl

Symmetrix ID: 000197XXXX
    Group Name                            Pool Name                            Access Type
    ----------------------------------    ---------------------------------    -----------
    AdminGrp                              ALL_DEVS                             ADMIN
    AdminGrp                              ALL_DEVS                             ALL

在上面的输出中,我们可以看到 AdminGrp 的访问类型为 ADMIN ALL,我们需要添加其他适当的访问权限来运行命令,例如 BASE 和 BASECTRL 来运行其他命令。
image.png

有关可用访问控制权限的更多信息,请参阅阵列控制和管理指南


https://dl.dell.com/content/docu95463用于授予访问组权限的命令: 
symacl -sid <SID> commit -file <FileName>

文件包含的位置: 
grant access=AccessType to accgroup GroupName for accpool PoolName | ALL | NON-POOLED devs
向 AdminGrp 授予 BASE BASECTRL 访问权限后,我们能够执行命令而不会出现任何错误。 
C:\>symacl -sid XXX show accgroup AdminGrp -acl

Symmetrix ID: 00019XXXXXX
    Group Name                            Pool Name                            Access Type
    ----------------------------------    ---------------------------------    -----------
    AdminGrp                              ALL_DEVS                             ADMIN
    AdminGrp                              ALL_DEVS                             ALL
    AdminGrp                              ALL_DEVS                             BASECTRL
    AdminGrp                              ALL_DEVS                             BASE

Affected Products

Solutions Enabler
Article Properties
Article Number: 000204041
Article Type: Solution
Last Modified: 11 Jul 2024
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.