1. Field of the Invention
The present invention relates to operation permission management for a storage device in a computer system configured from a computer and the above-mentioned storage device.
2. Description of the Related Art
A large-scale storage device may also be called a storage subsystem, and in addition to making high-speed, large-capacity storage possible, also has advanced data management functions. A plurality of physical storage components, such as hard disk drives, is mounted inside the storage device, and a logical volume, which is a logical storage area, is configured by appropriately reallocating the storage area inside these storage components. Basically, it is this logical volume unit that the host computer is able to utilize, and data used in processing work is able to be stored in this logical volume. Further, the value-added functions provided by the storage device, for example, a data copy process that does not go through the host computer, are also carried out having this logical volume as the primary unit of operation.
To allocate and operate the logical volume, the storage administrator must make various settings and carry out operations, such as changing the operational status, with respect to the storage device. However, failure to add appropriate restrictions for these settings and operations in accordance with the situation gives rise to problems, such as the inability to access the logical volume from the host and the loss of required data.
To prevent problems like this, the present invention relates to a method for restricting access to the storage device when making settings and carrying out operations. A known technology for this restriction method is disclosed in the patent document (JP-A-2006-79194).
The problem that the present invention is to solve is to provide better setting/operation restricting means for enhancing the security of settings/operations with respect to the storage device. The patent document (JP-A-2006-79194) discloses technology for carrying out access restriction by registering a storage operating schedule inside a management server, which is a computer for managing the storage device, and distributing storage access permission information in accordance with this operating schedule to the storage device and a server, which is a computer that utilizes the storage device.
However, the problem is that since the contents registered in the operating schedule relate to the operation of the storage device, it is only possible to carry out access restriction corresponding to the situation on the storage device side.
Another problem is that it is only possible to apply access restrictions in a form that accords with the previously registered operating schedule. For example, it is not possible to apply appropriate access restrictions in a case where an event, which is impossible to predict in advance, such as a malfunction, occurs. Further, in a case where the contents of an operation change (diverge) in accordance with circumstances, it is not possible to deal with this change even in an event that is able to be predicted in advance.