A method for implementing security management in a storage area network by
controlling access to network resources. Initially, a resource provider
communicates with potential resource users, such as host computers,
servers, and workstations, to allow the users to discover the resources
available on the storage area network. Resource users that have not
previously logged in to a particular resource supply identification
information to the resource provider, which places the information in a
`not yet approved entity` table. The `not yet approved entity` table is
made available to a management station. An administrator, using the
management station, then determines whether to authorize use of
resources. If access to the requested resource is allowed, the resource
user identification information is stored in an `approved entity` table.
The resource user is then allowed to log in to the selected resource.
Once a resource user has initially logged in, connection information is
maintained in the `approved entity` table, facilitating subsequent login
attempts by the resource user.
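
The approval workflow described above, as an added Python example that is not part of the original text. The class and method names, the keying of both tables by (user, resource), the fields kept as connection information, and the host and resource names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ResourceProvider:
    """Hypothetical model of the two tables kept by the resource provider."""
    resources: set
    not_yet_approved: dict = field(default_factory=dict)  # (user, resource) -> ident info
    approved: dict = field(default_factory=dict)          # (user, resource) -> connection info

    def discover(self):
        # Discovery only lists resources; it grants no access.
        return sorted(self.resources)

    def login(self, user_id, resource, ident):
        if resource not in self.resources:
            return "no-such-resource"
        key = (user_id, resource)
        if key in self.approved:
            # Approved entity: update connection info kept for later logins.
            self.approved[key]["logins"] += 1
            return "accepted"
        # First contact: park the identification info for the administrator.
        self.not_yet_approved[key] = ident
        return "pending"

    def pending_for_management_station(self):
        # Copy of the table as exposed to the management station.
        return dict(self.not_yet_approved)

    def approve(self, user_id, resource):
        # Administrator decision; only an entity that asked can be approved.
        ident = self.not_yet_approved.pop((user_id, resource), None)
        if ident is None:
            return False
        self.approved[(user_id, resource)] = {"ident": ident, "logins": 0}
        return True

def demo():
    # Constructed sample data: two resources, one host identifier.
    provider = ResourceProvider(resources={"lun0", "lun1"})
    ident = {"port_id": "constructed-id-01"}
    return [
        provider.discover(),
        provider.login("host-a", "lun0", ident),  # unknown user: parked, refused
        provider.approve("host-a", "lun0"),       # administrator authorizes
        provider.login("host-a", "lun0", ident),  # now accepted
        provider.login("host-a", "lun1", ident),  # other resource: pending again
        provider.approve("host-b", "lun0"),       # never requested: not approved
    ]
```

Because both tables are keyed per resource in this model, approval for one resource does not carry over to another, and an identifier that never requested access cannot be placed in the approved table.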