Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.x ... » Oracle^® ZFS Storage Appliance ... » Appliance Services » Configuring Services » Identity Mapping Configuration » Creating a Mapping Rule (BUI)

Updated: November 2018

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Document Information

About Oracle ZFS Storage Appliance

Configuring the Appliance

Appliance Services

Managing Services

Configuring Services

Active Directory Configuration

Joining an AD Domain (BUI)

Joining an AD Workgroup (BUI)

Configuring Active Directory (CLI)

Active Directory Join Domain

Active Directory Domains and Workgroups

Active Directory Windows Server Support

DNS Configuration

Configuring DNS (BUI)

Configuring DNS (CLI)

Testing Hostname Resolution (CLI)

Adding a DNS Server (BUI)

Adding a DNS Server (CLI)

Viewing DNS Server Status (BUI)

Viewing DNS Server Status (CLI)

DNS Properties and Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

Dynamic Routing Configuration

FTP Configuration

Adding FTP Access to a Share (BUI)

HTTP Configuration

Adding HTTP Access to a Share (BUI)

HTTP Properties and Logs

HTTP Authentication and Access Control

Object Store Configuration

HTTPS Configuration

HTTPS Properties and Logs

Identity Mapping Configuration

Configuring Identity Mapping (BUI)

Configuring Identity Mapping (CLI)

Creating a Mapping Rule (BUI)

Creating a Mapping Rule (CLI)

Viewing a Mapping (BUI)

Flushing Mappings from the Cache (BUI)

Flushing Mappings from the Cache (CLI)

Identity Mapping Best Practices

Identity Mapping Concepts

Cached and Ephemeral Mappings

Identity Mapping Case Sensitivity

Mapping Rule Directional Symbols

IPMP Configuration

iSCSI Configuration

Kerberos Configuration

Creating a Kerberos Realm (BUI)

Creating a Kerberos Realm (CLI)

Importing Kerberos Keys (BUI)

Importing Kerberos Keys (CLI)

Creating Kerberos Principals and Keys (BUI)

Creating Kerberos Principals and Keys (CLI)

Deleting Kerberos Principals and Keys (BUI)

Deleting Kerberos Principals and Keys (CLI)

Destroying a Kerberos Realm (BUI)

Destroying a Kerberos Realm (CLI)

Kerberos Service Properties

Kerberos Properties and Logs

LDAP Configuration

Adding an Appliance Administrator (BUI)

Setting Properties with Multiple Attribute Value Pairs (CLI)

Configuring LDAP Security Settings (BUI)

Configuring LDAP Security Settings (CLI)

Monitoring LDAP Server Status (BUI)

Monitoring LDAP Server Status (CLI)

LDAP Properties

LDAP Custom Mappings

NDMP Configuration

NDMP Local vs. Remote Configurations

NDMP Backup Formats and Types

NDMP Backup with Types dump and tar

NDMP Backup with Type zfs

NDMP Incremental Backups

Replica Backups

NDMP Properties and Logs

NFS Configuration

NFS Service Properties

Configuring Kerberos Realms for NFS

NFS Logs and Analytics

NFS Naming Service Dependencies

Sharing a Filesystem Over NFS

NIS Configuration

Adding an Appliance Administrator from NIS (BUI)

NIS Properties and Logs

NTP Configuration

Setting Clock Synchronization (BUI)

Configuring NTP (CLI)

Phone Home Configuration

Registering the Appliance (BUI)

Registering the Appliance (CLI)

Changing Account Information (BUI)

Phone Home Properties

RESTful API Configuration

Service Tags Configuration

SFTP Configuration

Adding SFTP Access to a Share (BUI)

Configuring SFTP for Remote Access (CLI)

SFTP Properties, Ports, and Logs

Shadow Migration Configuration

SMB Configuration

SMB Service Properties

Setting Properties to Export Shares over SMB

NFS/SMB Interoperability

SMB DFS Namespaces

SMB Microsoft Stand-alone DFS Namespace Management Tools Support Matrix

Adding DFS Namespaces to a Local SMB Group

Adding SMB Autohome Rules (CLI)

Adding a User to an SMB Local Group

SMB MMC Integration

SMB Share Management

SMB Users, Groups, and Connections

Listing SMB Services

Configuring SMB (BUI)

Configuring SMB Active Directory (BUI)

Configuring SMB Project and Share (BUI)

Configuring SMB Data Service (BUI)

SMTP Configuration

SNMP Configuration

Configuring SNMP to Serve Appliance Status (BUI)

Configuring SNMP to Send Traps (BUI)

SNMP Properties

SRP Configuration

SSH Configuration

Disabling root SSH Access (CLI)

SSH Properties and Logs

Syslog Configuration

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

SYSLOG Message Format

SYSLOG Alert Message Format

Example Configuring an Oracle Solaris Receiver (CLI)

Example Configuring a Linux Receiver (CLI)

System Identity Configuration

System Identity Properties and Logs

TFTP Configuration

Adding TFTP Access to a Share (BUI)

Virus Scan Configuration

Configuring Virus Scanning for a Share (BUI)

Virus Scan Properties and Logs

Virus Scan File Extensions

Scanning Engines

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Creating a Mapping Rule (BUI)

Use the following procedure to grant or deny credentials for specific users through the identity mapping service. An "allow" mapping rule grants Windows identity credentials from a UNIX identity or vice versa. A "deny" mapping rule blocks a Windows identity from receiving the credentials of a UNIX identity or vice versa.

Note - If you create a mapping rule that blocks a particular user, and the user's name then changes, the mapping no longer blocks that user.

Before You Begin

Configure rule-based mapping as described in Configuring Identity Mapping (BUI).

Go to Configuration > Services > Identity Mapping > Rules.
Click the add item icon next to Rules.
In the Add Mapping Rule dialog box, choose either Allow or Deny for the mapping type.
Complete the remaining fields according to the selected mapping type.
- Allow mapping:
  - Mapping Direction - Choose a direction.
  - Windows Domain - Type the Active Directory domain of the Windows identity, or select All.
  - Windows Identity - Type the name of the Windows identity.
  - Unix Identity - Type the name of the UNIX identity.
  - Unix Identity Type - Select either User or Group.
- Deny mapping:
  1. For Mapping Direction, choose one of the two options.
    - Block Windows identity mapping - Prevents a Windows identity from gaining the credentials of a UNIX identity
    - Block Windows identity mapping - Prevents a UNIX identity from gaining the credentials of a Windows identity
  2. Enter the Windows or UNIX identity information.
    - If you selected Block Windows identity mapping, type the Windows domain and identity you want to block.
    - If you selected Block UNIX identity mapping, type the UNIX identity and identity type you want to block.
Click ADD.
The new mapping appears in the Rules list.

Related Topics

Mapping Rule Directional Symbols

Copyright © 2009, 2018, Oracle and/or its affiliates. All rights reserved.