A storage controller for controling access to data storage has a memory and
at least one data port for a data network including host processors. The
memory is programmed to define a respective specification for each host
processor of a respective subset of the data storage to which access by
the host processor is restricted, and each specification is associated
with a host identifier stored in the memory. When the storage controller
receives a data access request from a host processor, it decodes a host
identifier from the data access request, and searches the memory for a
host identifier matching the host identifier decoded from the request.
Upon finding a match, the respective specification of the respective
subset for the host processor is accessed to determine whether or not
storage specified by the storage access request is contained in the
respective subset. If so, then storage access can continue, and otherwise,
storage access is denied. Preferably the host identifier decoded from the
request is a temporary address assigned by the network, and also stored in
the memory in association with each respective specification is a
relatively permanent identifier for the host processor.
