13.2 Authentication provider behavior between RBAC and ZRBAC. Before OneFS 8.2.0, authentication providers are created in System access zone and accessible by any ‘access zones in a cluster. Each non-System access zone only contains its own local provider and uses other providers in the System access zone, shown as Figure 35. A local provider is created implicitly in each access zone. OCs ae cd Sates oer ecg Cera Viewable!modifiable from System access Figure 38 Authentication provider behavior in RBAC Starting with ZRBAC in OneFS 8.2.0, when an authentication provider is created from an access zone, itis, implicitly associated with the access zone. As shown in Figure 36, an authentication provider has following behavior based on that association: ‘+ An authentication provider created from System access zone + Can be viewed and used by all access zones, = Can be modifiedideleted only from System access zone, ‘+ An authentication provider created from a non-System access zone = Can only be used by that specific non-System access zone. = Cannot be used by other access zones, including System access zone. Can be viewed/modified/deleted only from that specific access zone and System access