Each user of the management GUI must provide a user name and a password to sign on. Each user also
has an associated role such as monitor, copy operator, service, administrator,
or security administrator. These roles are defined at the clustered
system level. For example, a user can be the administrator for one
system, but the security administrator for another system.
- Security Administrator
- Users can manage all
functions of the system, including managing users, user groups, and
user authentication. Security-administrator-role users can run any
system commands from the command-line interface (CLI), but cannot
run the sainfo and satask commands
from the CLI. Only the superuser ID can run
sainfo and satask commands.
- Administrator
- Users can manage all functions
of the system except those that manage users, user groups, and authentication.
Administrator-role users can run the system commands that the security-administrator-role
users can run from the CLI except for commands that deal with users,
user groups, and authentication.
- Copy Operator
- Users can start and stop all existing
FlashCopy, Metro Mirror, and Global Mirror relationships. Copy-operator-role
users can run the system commands that administrator-role users can
run that deal with FlashCopy, Metro Mirror, and Global Mirror relationships.
- Monitor
- Users have access to all system viewing
actions. Monitor-role users cannot change the state of the system
or change the resources that the system manages. Monitor-role users
can access all information-related GUI functions and commands, can
back up configuration data, and can change their own passwords.
- Service
- Users can set the time and date on the
system, delete dump files, add and delete nodes, apply
service, and shut down the system. Users can
also perform the same tasks as users in the monitor role.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.
User groups
Roles apply
to both local and remote users on the
system and are based on the user group to which the user belongs.A local user can belong
only to a single group; therefore, the role of a local user is defined
by the single group to which that user belongs. Users with the Security Administrator
role can organize users of the system by role through user groups.
The following user groups are configured
by default:
- Administrator
- Users access all functions on the
system except those that deal with managing users, user groups, and
authentication.
- SecurityAdmin
- Users access all functions on the
system, including managing users, user groups, and user authentication.
- CopyOperator
- Users manage FlashCopy, Metro Mirror,
and Global Mirror relationships.
- Service
- Users can set the time and date on the
system, delete dump files, add and delete nodes, and shut down the
system. This role is used by service personnel.
- Monitor
- Users view objects and system configuration
but cannot configure, modify, or manage the system or its resources.
- VASA Provider
- Users with this role can manage VMware vSphere Virtual Volumes.