.. _Managing LUN Views: Managing LUN Views ------------------ LUN views provide a way to create and manage an access control list (ACL) that limits access to chosen LUNs for specific initiators. Initiators not on the list have access to all LUNs in iSCSI target groups. Volumes exported via Fibre Channel target groups, however, can only be accessed by initiators that are added to group ACL. To use ACL-based authorization, enable it for the target group: :: # vstorage-target tg-auth -enable-acl -id .. _Creating LUN Views: Creating LUN Views ~~~~~~~~~~~~~~~~~~ To create a LUN view for an initiator, use the commands ``vstorage-target tg-initiator add`` or ``vstorage-target view-add``. The former command adds an initiator to target group's ACL and creates a view for it. The latter command is used to add views to initiators that are already on the ACL. For example: :: # vstorage-target tg-initiator add -alias initiator2 -luns 0,1 \ -tg ee764519-80e3-406e-b637-8d63712badf1 -wwn iqn.1994-05.com.redhat:1535946874d This command adds the initiator with the IQN ``iqn.1994-05.com.redhat:1535946874d`` to the ACL of the target group with the ID ``ee764519-80e3-406e-b637-8d63712badf1`` and creates a view allowing it to access the LUNs with the IDs ``0`` and ``1``. Another example: :: # vstorage-target view-add -tg faeacacd-eba6-416c-9a7f-b5ba9e372e16 -lun 2 -map 2 \ -wwn iqn.1994-05.com.redhat:1535946874d This command adds a view for the same initiator allowing it to access LUN 2 as well. .. _Listing LUN Views: Listing LUN Views ~~~~~~~~~~~~~~~~~ To list LUN views for an initiator, use the ``vstorage-target view-list`` command. For example: :: # vstorage-target view-list -tg ee764519-80e3-406e-b637-8d63712badf1 \ -wwn iqn.1994-05.com.redhat:1535946874d This command lists views for the initiator with the IQN ``iqn.1994-05.com.redhat:1535946874d``. .. _Changing LUN View Details: Changing LUN View Details ~~~~~~~~~~~~~~~~~~~~~~~~~ To change LUN views for an initiator, use the ``vstorage-target view-set`` command. For example: :: # vstorage-target view-set -luns 1 -tg ee764519-80e3-406e-b637-8d63712badf1 \ -wwn iqn.1994-05.com.redhat:1535946874d This command allows the initiator with the IQN ``iqn.1994-05.com.redhat:1535946874d`` to access only LUN 1. Essentially, it deletes all LUN views for it excluding specified. .. _Deleting LUN Views: Deleting LUN Views ~~~~~~~~~~~~~~~~~~ To delete a LUN view for an initiator, use the ``vstorage-target view-del`` command. :: # vstorage-target view-del -lun 1 -tg ee764519-80e3-406e-b637-8d63712badf1 \ -wwn iqn.1994-05.com.redhat:1535946874d This command deletes the view for LUN 1 for the initiator with the IQN ``iqn.1994-05.com.redhat:1535946874d``.