Configure role-based access

To limit user access to specific functions, you can modify which roles are specified for each user account.

About this task

The Web Services Proxy includes role-based access control (RBAC), in which roles are associated with predefined users. Each role grants permissions to a specific level of functionality. You can change the roles assigned to user accounts by directly modifying the users.properties file.

Note: You can also change user accounts by using Access Management in Unified Manager. For more information, see the online help available with Unified Manager.

Steps

  1. Open the users.properties file, located in:
    • (Windows) – C:\Program Files\NetApp\SANtricity Web Services Proxy\data\config
    • (Linux) – /opt/netapp/santricity_web_services_proxy/data/config
  2. Locate the line for the user account you want to modify (storage, security, monitor, support, rw, or ro).
    Note: Do not modify the admin user. This is a super user with access to all functions.
  3. Add or remove the specified roles, as desired.
    Roles include:
    • security.admin – SSL and certificate management.
    • storage.admin – Full read/write access to storage system configuration.
    • storage.monitor – Read-only access to view storage system data.
    • support.admin – Access to all hardware resources on storage systems and support operations such as AutoSupport (ASUP) retrieval.
    Note: The storage.monitor role is required for all users, including the administrator.
  4. Save the file.