Admin group permissions

When creating administration user groups, you select one or more permissions to control access to specific features of the StorageGRID Webscale system. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the StorageGRID Webscale system.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

The table shows the permissions you can assign when creating or editing an admin group for StorageGRID Webscale access. Any functionality not explicitly mentioned in the table requires the Root Access permission.
Note: You can use the Grid Management API to completely deactivate certain features. When a feature has been deactivated, the corresponding Management Permission no longer appears on the Groups page.
Management permission Description
Root Access Provides access to all grid administration features.
Acknowledge Alarms Provides access to acknowledge and respond to alarms. All signed-in users can monitor alarms.

If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.

Change Tenant Root Password Provides access to the Change Root Password button on the Tenant Accounts page, allowing you to control who can change the password for the tenant account's root user. Users who do not have this permission cannot see the Change Root Password button.
Note: You must assign the Tenant Accounts permission to the group before you can assign this permission.
Grid Topology Page Configuration Provides access to the Configuration tabs in Grid Topology.
ILM

Provides access to the following menu options:

  • ILM > Rules
  • ILM > Policies
  • ILM > Erasure Coding
  • ILM > Regions
Note: Access to the ILM > Storage Pools and ILM > Storage Grades menu options is controlled by the Other Grid Configuration and Grid Topology Page Configuration permissions.
Maintenance Provides access to the following menu options:
  • Maintenance > Maintenance Tasks
    • Expansion
    • Decommission
    • Recovery
  • Maintenance > System :
    • License*
    • Logs
    • Recovery Package
    • Software Upgrade
  • Maintenance > Network :
    • Grid Network*
    • DNS Servers*
    • NTP Servers*
  • Configuration > System Settings:
    • Domain Names*
    • Server Certificates*
  • Configuration > Monitoring:
    • Audit*

* Users who do not have the Maintenance permission can view, but not edit, the pages marked with an asterisk.

Metrics Query Provides access to custom Prometheus metrics queries using the Metrics section of the Management API.
Object Metadata Lookup Provides access to the ILM > Object Metadata Lookup menu option.
Other Grid Configuration Provides access to the following grid configuration options:
  • Configuration > System Settings:
    • Grid Options
    • Link Cost
    • Storage Options
    • Display Options
  • Configuration > Monitoring:
    • Global Alarms
    • Notifications
    • Email Setup
    • AutoSupport
    • Events
  • ILM:
    • Storage Pools
    • Storage Grades
Note: Access to these items also requires the Grid Topology Page Configuration permission.
Tenant Accounts Provides access to the Tenant Accounts page from the Tenants option, allowing you to control who can add, edit, or remove tenant accounts. Users who do not have this permission do not see the Tenants option in the menu.
Note: Version 1 of the Grid Management API (which has been deprecated) uses this permission to manage tenant group policies, reset Swift admin passwords, and manage root user S3 access keys.