User roles

Each user of the management GUI must provide a user name and a password to sign on. Each user also has an associated role such as monitor, copy operator, service, administrator, or security administrator. These roles are defined at the clustered system level. For example, a user can be the administrator for one system, but the security administrator for another system.

Security Administrator
Users can manage all functions of the system, including managing users, user groups, and user authentication. Security-administrator-role users can run any system commands from the command-line interface (CLI). However, they cannot run the sainfo and satask commands from the CLI. Only the superuser ID can run sainfo and satask commands.
Administrator
Users can manage all functions of the system except those functions that manage users, user groups, and authentication. Administrator-role users can run the system commands that the security-administrator-role users can run from the CLI except for commands that deal with users, user groups, and authentication.
Restricted Administrator
Users can perform the same tasks and run most of the same commands as administrator-role users. However, users with the Restricted Administrator role are not authorized to run the rmvdisk, rmvdiskhostmap, rmhost, or rmmdiskgrp commands. Support personnel can be assigned this role to help resolve errors and fix problems.
Copy Operator
Users can start and stop all existing FlashCopy, Metro Mirror, and Global Mirror relationships. Copy-operator-role users can run the system commands that administrator-role users can run that deal with FlashCopy, Metro Mirror, and Global Mirror relationships.
Monitor
Users have access to all system viewing actions. Monitor-role users cannot change the state of the system nor change the resources that the system manages. Monitor-role users can access all information-related GUI functions and commands, back up configuration data, and change their own passwords.
Service
Users can set the time and date on the system, delete dump files, add and delete nodes, apply service, and shut down the system. Users can also complete the same tasks as users in the monitor role.
VASA Provider
Users with this role can manage VMware vSphere Virtual Volumes.

User groups

Roles apply to both local and remote users on the system and are based on the user group to which the user belongs.A local user can belong only to a single group; therefore, the role of a local user is defined by the single group to which that user belongs. Users with the Security Administrator role can organize users of the system by role through user groups.

The following user groups are configured by default.

SecurityAdmin
Users access all functions on the system, including managing users, user groups, and user authentication.
Administrator
Users have access to all functions on the system except those functions that deal with managing users, user groups, and authentication.
RestrictedAdmin
Users can perform the same tasks and run most of the same commands as administrator-role users. However, users with the Restricted Administrator role are not authorized to run the rmvdisk, rmvdiskhostmap, rmhost, or rmmdiskgrp commands. Support personnel can be assigned this role to help resolve errors and fix problems.
CopyOperator
Users manage FlashCopy, Metro Mirror, and Global Mirror relationships.
Service
Users can set the time and date on the system, delete dump files, add and delete nodes, apply service, and shut down the system. Users can also complete the same tasks as users in the monitor role.
Monitor
Users can view objects and system configuration but cannot configure, modify, or manage the system or its resources.
VASA Provider
Users with this role can manage VMware vSphere Virtual Volumes.