U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Pure Storage FlashArray-Storage-Professional Exam - Topic 1 Question 12 Discussion

A FlashArray is set up with LDAP authentication. A user is a member of the groups associated with both Array Admin and Storage Admin.What experience is expected for the user?
A) User will have Array Admin permissions.
B) User will not be able to login.
C) User will have Storage Admin permissions.

Pure Storage FlashArray-Storage-Professional Exam - Topic 1 Question 12 Discussion

Actual exam question for Pure Storage's FlashArray-Storage-Professional exam
Question #: 12
Topic #: 1
[All FlashArray-Storage-Professional Questions]

A FlashArray is set up with LDAP authentication. A user is a member of the groups associated with both Array Admin and Storage Admin.

What experience is expected for the user?

Show Suggested Answer Hide Answer
Suggested Answer: A

Similar to the previous question regarding directory services, Pure Storage Purity OS handles Role-Based Access Control (RBAC) overlaps by granting the most permissive role available to the user.

When configuring LDAP or Active Directory authentication on a FlashArray, administrators map directory groups to specific FlashArray roles (Array Admin, Storage Admin, Ops Admin, Read Only). If a user happens to be a member of multiple LDAP groups that are mapped to different roles on the array, Purity evaluates all mapped roles and automatically assigns the user the highest level of privilege during their session.

Since 'Array Admin' has full administrative rights over the entire array (including hardware management, directory services configuration, and firmware upgrades) and sits higher in the hierarchy than 'Storage Admin' (which is restricted to provisioning and managing storage objects like volumes and hosts), the system will seamlessly grant the user Array Admin permissions.

Here is why the other options are incorrect:

User will not be able to login (B): Purity is designed to handle this exact scenario smoothly. It resolves the conflict by defaulting to the higher privilege, rather than throwing an error or denying access.

User will have Storage Admin permissions (C): The system does not default to the lowest privilege or restrict access when a higher-level group membership is present and valid.


Contribute your Thoughts:

0/2000 characters

Currently there are no comments in this discussion, be the first to comment!


Save Cancel