Privileges required for effective Huawei OceanStor auditing
Certain minimum privileges are required to ensure ADAudit Plus runs effectively while auditing your Huawei OceanStor V5 series and 9000 V5 storage systems. These privileges vary depending on which OceanStor storage system you wish to audit.
You can either provide the necessary privileges to the user configured in the Domain Settings page of ADAudit Plus (in the top-right corner of the console and referred to below as the Domain Settings user) or create a dedicated ADAudit Plus Huawei user account and provide it with the privileges below.
- For OceanStor V5 series (system vStore 0 or default vStore)
Configure the Domain Authentication Server to provide the domain users with management permission.
Join the File Storage Service to the AD domain by providing the necessary details under Domain Authentication.
Provide the ADAudit Plus user account with Administrator-level privileges.
Provide the user with permission to access shares.
Provide the user with permission to read the share paths of the target shares and the audit log.
- For OceanStor V5 series vStores
Give the ADAudit Plus user account Administrator-level privileges, and provide management permission.
Ensure that the Domain Authentication Mode is set to vStore.
Join the File Storage Service to the AD domain by providing the necessary details under Domain Authentication.
Add the user to the Administrators group, and provide the user with permission to access the target shares.
- Provide the user with permission to read the share paths of the target shares and the audit log.
- For OceanStor 9000 V5
Join the File Storage Service to the AD domain by providing the necessary details under Domain Authentication.
Provide the Domain Settings user with permission to access the target shares.
Provide the Domain Settings user with permission to read the share paths of the target shares and the audit log.
