Each user of the management GUI must provide a user name and a
password to sign on. Each user also has an associated role such as monitor or security
administrator. These roles are defined at the system level. For example, a user can be the
administrator for one system, but the security administrator for another system.
You can assign the following roles to your user groups:
- Monitor
- Users have access to all system viewing actions. Monitor-role users cannot change the state of
the system nor change the resources that the system manages. Monitor-role users can access all
information-related GUI functions and commands, back up configuration data, and change their own
passwords.
- Copy Operator
- Users can start and stop all existing FlashCopy,
Metro Mirror, and Global Mirror relationships. Copy-operator-role users can run the system commands
that administrator-role users can run that deal with FlashCopy, Metro Mirror, and Global Mirror relationships.
- Copy Operator
- Users can start and stop all existing FlashCopy,
Metro Mirror, and Global Mirror relationships. Copy-operator-role users can run the system commands
that administrator-role users can run that deal with FlashCopy, Metro Mirror, and Global Mirror relationships.
- Service
- Users can set the time and date on the system, delete dump files, add and delete nodes, apply
service, and shut down the system. Users can also complete the same tasks as users in the monitor
role.
- Administrator
- Users can manage all functions of the system except those functions that manage users, user
groups, and authentication. Administrator-role users can run the system commands that the
security-administrator-role users can run from the CLI, except for commands that deal with users,
user groups, and authentication.
- Security Administrator
- Users can manage all functions of the system, including managing users, user groups, user
authentication, and configuring encryption. Security-administrator-role users can run any
system commands from the command-line interface (CLI). However, they cannot run the
sainfo and satask commands from the CLI. Only the
superuser ID can run sainfo and satask
commands.
- Restricted Administrator
- Users can perform the same tasks and run most of the same commands as administrator-role users.
However, users with the Restricted Administrator role are not authorized to run
the rmvdisk, rmvdiskhostmap, rmhost, or
rmmdiskgrp commands. Support personnel can
be assigned this role to help resolve errors and fix problems.
- Restricted Administrator
- Users can perform the same tasks and run most of the same commands as administrator-role users.
However, users with the Restricted Administrator role are not authorized to run
the rmvdisk, rmvdiskhostmap, rmhost, or
rmmdiskgrp commands. Support personnel can
be assigned this role to help resolve errors and fix problems.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.
User groups
Users with the Security Administrator role can organize users of
the system by role through user groups.
Administrators can create role-based user groups where any users that are
added to the group adopt the role that is assigned to that group. Roles apply to both local and
remote users on the system and are based on the user group to which the user belongs. A local user
can belong only to a single group; therefore, the role of a local user is defined by the single
group to which that user belongs. Roles are defined at the system level, which means that a user can
be an administrator on one system, but a security administrator on another system.
The following user groups are configured by default:
- SecurityAdmin
- Users access all functions on the system, including managing users, user groups, and user
authentication. Users can also configure encryption on the system.
- Administrator
- Users can perform most of the same tasks as users who are in the SecurityAdmin role. However,
these users cannot access functions that deal with managing users, user groups, and authentication.
- RestrictedAdmin
- Users can perform the same tasks and run most of the same commands as administrator-role users.
However, users with the Restricted Administrator role are not authorized to run
the rmvdisk, rmvdiskhostmap, rmhost, or
rmmdiskgrp commands. Support personnel can be assigned this role to help resolve
errors and fix problems.
- CopyOperator
- Users manage FlashCopy, Metro Mirror, and Global
Mirror relationships.
- CopyOperator
- Users manage FlashCopy, Metro Mirror, and Global
Mirror relationships.
- Service
- Users can set the time and date on the system, delete dump files, add and delete nodes, apply
service, and shut down the system. Users can also complete the same tasks as users in the monitor
role.
- Monitor
- Users can view objects and system configuration but cannot configure, modify, or manage the
system or its resources.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.