VMware Cloud Community
wilburrr
Contributor

Access controls on vvol-based datastores

We're just getting started with using VVOLs/VASA with a 3PAR array, and one of the issues we don't yet fully understand is how to restrict access to a storage container to a subset of our vSphere hosts.

With a traditional storage approach, we could export an iSCSI LUN to a subset of hosts in our environment (for example, all of the hosts in a cluster), and ESXi hosts in other clusters would not be able to access the datastore. With the VASA approach, there isn't a step on the array where we export a storage container/VLUN to an explicit set of hosts, so we're not sure how to perform the analogous operation.

We have created separate storage containers on the array to logically separate the storage for VMs that reside in different clusters. I have noticed that in vCenter, on the cluster object, when I use Actions -> Storage -> New Datastore... there's a subitem 'Select hosts accessibility' that lets me select which hosts have access to the vvol-based datastore. Selecting ESXi hosts seems to enable access, as well as mount the filesystem. After performing this task, the datastore shows up on the ESXi hosts when I use commands including:
esxcli storage filesystem list

esxcli storage core path list

Conversely, these commands do not show other VVOL-based storage containers that haven't been made available to the cluster ESXi hosts via vCenter, and

esxcli storage filesystem mount -v volume_name

returns a "No volume with label 'volume_name' was found" error.

Basically, we'd like to understand if these observations imply that there isn't a mechanism to access or mount the storage using esxcli or other commands from the host in a cluster that hasn't had the datastore made accessible to it via the above vCenter mechanism.

I've hunted around in both the VMware and storage vendor documentation to see if I can get a better description of how access control at the ESXi host level works for these storage constructs, but have come up empty. I'd appreciate any pointers to descriptions or documentation on how this works.

Thank you.
