Skip to content

Powerscale Connector Prerequisites

Verify your system fits the descriptions below before starting the installation.

Pre-software Requirements

EMC Isilon - OneFS 7.1 and above

EMC Common Event Enabler - CEE 6.5 and above

Required Permissions

Data Access Security requires different permissions, based on the tasks that require those permissions. The user configured in the Application configuration wizard must have the following permissions on the Access Zone:

  • Share Read permissions to all share
  • Member of the local Administrator group
  • Member of the local Backup Operators group
  • Ability to list shares

Add required permissions by creating a new role and associating the user with that role in one of the following ways:

Add Permissions via the Cluster Management Web Interface

  1. Log in to the OneFS Cluster Management Web interface.
  2. Select Access > Membership and Roles.
  3. Select the Roles tab.
  4. Select Create Role.
  5. Enter a name for the Role (ex. DataAccessSecurity)
  6. Select Add a member to this role and add the Data Access Security user which will be used in the Application Configuration wizard.
  7. Scroll down and select Add a privilege to this role and add the following privileges:
    1. ‘Platform API: Log in to the Platform API and WebUI’ – read_only Access
    2. Auth: Configure Identities and authentication sources – read_only Access
    3. Audit: Configure audit capabilities – read_only Access
    4. SMB: configure SMB server – read_only Access

Add Permissions via the Cluster Management Shell

Run the following commands from the cluster management shell:

  • isi auth roles create FileAccessManager
  • isi auth roles modify FileAccessManager --add-priv-ro=ISI_PRIV_LOGIN_PAPI
  • isi auth roles modify FileAccessManager --add-priv-ro=ISI_PRIV_SMB
  • isi auth roles modify FileAccessManager --add-priv-ro=ISI_PRIV_AUTH
  • isi auth roles modify FileAccessManager --add-priv-ro=ISI_PRIV_AUDIT
  • isi auth roles modify FileAccessManager --add-user=’<domain>\<user>’

Add Permissions via Built-in Roles

Associate the user with the SystemAdmin and SecurityAdmin built-in roles.

  • isi auth roles modify SystemAdmin --add-user=’<domain>\<user>’
  • isi auth roles modify SecurityAdmin --add-user=’<domain>\<user>’

Configuring the CLI

To enable auditing - isi audit settings global modify --protocol-auditing-enabled on

To disable auditing - isi audit settings global modify --protocol-auditing-enabled off

Add access zone to audit - isi audit settings modify --audited-zones <ZONE>

View audit settings - isi audit settings global view

Audit Event Configuration Using CLI

To enable specific audit events - isi audit settings modify --audit-success create, rename, delete, read, write, get_security, set_security

To enable all audit events - isi audit settings modify --audit-success all

To monitor all the activities listed under the Monitored Activates section - Enable all audit events

Configuring Powerscale with Data Access Security

  1. If utilizing separate IP address ranges assigned to each access zone, each access zone should have its own separate Data Access Security application.
  2. If utilizing a single IP address range assigned to the System access zone or a single overarching access zone, then the System/main access zone should be the target of a single application in Data Access Security.

Communication Requirements

Requirement Source Destination Port
Permissions Collection & Data Classification Permissions Collection Virtual Appliance and / or Data Classification Virtual Appliance Powerscale SMB 445

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.