Help Center > > FAQs> Disk Management> Others> Can All Users Use the Encryption Feature?

Can All Users Use the Encryption Feature?

Updated at: Sep 02, 2021 GMT+08:00

The rights of users in a user group to use the encryption feature are as follows:

  • The user who has security administrator rights can grant KMS access rights to EVS for using the encryption feature.
  • When a common user who does not have security administrator rights attempts to use the encryption feature, the condition varies depending on whether the user is the first one in the user group to use this feature.
    • If the common user is the first one in the user group to use the encryption feature, the common user must request a user who has security administrator rights to grant the common user permissions. Then, the common user can use the encryption feature.
    • If the common user is not the first one in the user group to use the encryption feature, the user will have the permission to use the encryption feature.

The following section uses a user group as an example to describe how to grant KMS access rights to EVS for using the encryption feature.

For example, a user group shown in Figure 1 consists of four users, user 1 to user 4. User 1 has security administrator rights. Users 2, 3, and 4 are common users who do not have security administrator rights.

Figure 1 User group

Scenario 1: User 1 Uses the Encryption Feature

In this user group, if user 1 uses the encryption feature for the first time, the procedure is as follows:

  1. User 1 creates Xrole to grant KMS access permissions to EVS.

    After user 1 grants permissions, the system automatically creates CMK evs/default for encrypting EVS disks.

    When user 1 uses the encryption feature for the first time, the user must grant the KMS access permissions to EVS. Then, all the users in the user group can use the encryption feature by default.

  2. User 1 selects a key.
    One of the following keys can be used:
    • Default CMK, evs/default
    • CMK, the key created before using the EVS disk encryption feature
    • Newly created key (For instructions about how to create a key, see Creating a Key Pair in Data Encryption Workshop User Guide.)

After user 1 uses the encryption feature, all other users in the user group can use this feature, without requiring to contact user 1 for rights granting.

Scenario 2: Common User Uses the Encryption Feature

In this user group, when user 3 uses the encryption feature for the first time:

  1. The system displays a message indicating that the user has no rights.
  2. User 3 asks user 1 to create Xrole to grant KMS access permissions to EVS.

After user 1 grants the permissions, user 3 and all other users in the user group can use the encryption feature by default.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel