The critical security features that provide protection are:
Authentication—The appliance monitor relies on current mechanisms used by the Sun ZFS Storage Appliance.
Authorization—The appliance monitor requires an account on the appliance to gain authorization. All user privileges and policies for the account are enforced by the appliance.
Confidentiality—All application data generated by the appliance monitor is stored in a secure sandbox directory on the mobile device. The data is automatically encrypted, but is more secure if the device password is set.
All authentication configuration is done through the configuration view on the appliance monitor which includes both the manual option and the remote configuration file option (see Installation Overview). All authentication is user name and password based. Without credentials, the appliance monitor is unable to access the appliance.
Authorization includes primarily two processes:
Permitting only certain users to access, process, or alter data
Applying varying limitations on user access or actions. The limitations placed on (or removed from) users can apply to objects, such as schemas, tables, or rows; or to resources, such as time (CPU, connect, or idle times).
The basic concepts and mechanisms for placing or removing such limitations on users, individually or in groups, are described in the next section.
A privilege is a right to execute a particular type of XML-RPC command on the appliance. Some examples of privileges include the right to:
Log in to the appliance
View system status
View analytical data
Receive problem notifications
Mark issues as repaired
Flash LEDs on the appliance
These types of privileges should only be granted to a user who requires this kind of functionality in their job responsibilities. Ultimately the appliance monitor logs into a user account on the appliance, and Solaris enforces the appropriate user policies, based on administrator settings.