Admin group permissions

When creating administration user groups, you select one or more permissions to control access to specific features of the StorageGRID Webscale system. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the StorageGRID Webscale system.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

Sign in to the StorageGRID Webscale system
View the Dashboard
Monitor grid topology
Monitor alarms
Change their own password
View certain information on the Configuration and Maintenance pages

The table shows the permissions you can assign when creating or editing an admin group for StorageGRID Webscale access. Any functionality not explicitly mentioned in the table requires the Root Access permission.

Note: You can use the Grid Management API to completely deactivate certain features. When a feature has been deactivated, the corresponding Management Permission no longer appears on the Groups page.

Management permission	Description
Root Access	Provides access to all grid administration features.
Acknowledge Alarms	Provides access to acknowledge and respond to alarms. All signed-in users can monitor alarms. If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.
Change Tenant Root Password	Provides access to the Change Root Password button on the Tenant Accounts page, allowing you to control who can change the password for the tenant account's root user. Users who do not have this permission cannot see the Change Root Password button. Note: You must assign the Tenant Accounts permission to the group before you can assign this permission.
Grid Topology Page Configuration	Provides access to the Configuration tabs in Grid Topology.
ILM	Provides access to the following menu options: ILM > Rules ILM > Policies ILM > Erasure Coding ILM > Regions Note: Access to the ILM > Storage Pools and ILM > Storage Grades menu options is controlled by the Other Grid Configuration and Grid Topology Page Configuration permissions.
Maintenance	Provides access to the following menu options: Maintenance > Maintenance Tasks Expansion Decommission Recovery Maintenance > System : License* Logs Recovery Package Software Upgrade Maintenance > Network : Grid Network* DNS Servers* NTP Servers* Configuration > System Settings: Domain Names* Server Certificates* Configuration > Monitoring: Audit* * Users who do not have the Maintenance permission can view, but not edit, the pages marked with an asterisk.
Metrics Query	Provides access to custom Prometheus metrics queries using the Metrics section of the Management API.
Object Metadata Lookup	Provides access to the ILM > Object Metadata Lookup menu option.
Other Grid Configuration	Provides access to the following grid configuration options: Configuration > System Settings: Grid Options Link Cost Storage Options Display Options Configuration > Monitoring: Global Alarms Notifications Email Setup AutoSupport Events ILM: Storage Pools Storage Grades Note: Access to these items also requires the Grid Topology Page Configuration permission.
Tenant Accounts	Provides access to the Tenant Accounts page from the Tenants option, allowing you to control who can add, edit, or remove tenant accounts. Users who do not have this permission do not see the Tenants option in the menu. Note: Version 1 of the Grid Management API (which has been deprecated) uses this permission to manage tenant group policies, reset Swift admin passwords, and manage root user S3 access keys.