Can All Users Use the Encryption Feature?
The permissions of users in a user group to use the encryption feature are as follows:
- The user who has security administrator permissions can grant KMS access permissions to EVS for using the encryption feature.
- When a common user who does not have security administrator permissions attempts to use the encryption feature, the condition varies depending on whether the user is the first one in the user group to use this feature.
- If the common user is the first one in the user group to use the encryption feature, the common user must request a user who has security administrator permissions to grant the common user permissions. Then, the common user can use the encryption feature.
- If the common user is not the first one in the user group to use the encryption feature, the user directly has the permissions to use the encryption feature.
The following section uses a user group as an example to describe how to grant KMS access permissions to EVS for using the encryption feature.
For example, a user group shown in Figure 1 consists of four users, user 1 to user 4. User 1 has security administrator permissions. Users 2, 3, and 4 are common users who do not have security administrator permissions.
Scenario 1: User 1 Uses the Encryption Feature
In this user group, if user 1 uses the encryption feature for the first time, the procedure is as follows:
- User 1 creates Xrole to grant KMS access permissions to EVS.
After user 1 grants permissions, the system automatically creates key evs/default for encrypting EVS disks.
When user 1 uses the encryption feature for the first time, the user must grant the KMS access permissions to EVS. Then, all the users in the user group can use the encryption feature by default.
- User 1 selects a key.
One of the following keys can be used:
- Default key evs/default
- Custom key, which was created before using the EVS disk encryption feature
- Newly created key (For instructions about how to create a key, see Creating a Key Pair in Data Encryption Workshop User Guide.)
After user 1 uses the encryption feature, all other users in the user group can use this feature, without requiring to contact user 1 for permissions granting.
Scenario 2: Common User Uses the Encryption Feature
In this user group, when user 3 uses the encryption feature for the first time:
- The system displays a message indicating that the user has no permissions.
- User 3 asks user 1 to create Xrole to grant KMS access permissions to EVS.
After user 1 grants the permissions, user 3 and all other users in the user group can use the encryption feature by default.
Others FAQs
- Can All Users Use the Encryption Feature?
- How Can I Add an ECS with Local Disks Attached to an ECS Group?
- How Can I Delete or Unsubscribe from a Yearly/Monthly Disk?
- Will My EVS Disk Be Unsubscribed or Deleted When I Unsubscribe from or Delete Its Server?
- Why Does a Disk Attached to a Windows ECS Go Offline?
- Why Does the Disk Drive Letter Change After the ECS Is Restarted?
- How Can I Obtain Data Disk Information If Tools Are Uninstalled?
- How Can I Rectify the Fault That May Occur on a Linux ECS with an NVMe SSD Disk Attached?
- Why Is the Device Name of My C6 ECS in the sd* Format?
- Why Are Disk Error Logs Printed After a Disk Attached to an ECS Is Formatted with the ext4 File System?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore