Admin group permissions

When creating admin user groups, you select one or more permissions to control access to specific features of the Grid Manager. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the Grid Manager.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

The table shows the permissions you can assign when creating or editing an admin group. Any functionality not explicitly mentioned in the table requires the Root Access permission.
Note: You can use the Grid Management API to completely deactivate certain features. When a feature has been deactivated, the corresponding Management Permission no longer appears on the Groups page.
Management permission Description
Root Access Provides access to all grid administration features.
Grid Topology Page Configuration Provides access to the Configuration tabs in Grid Topology. Also provides access to the Reset event counts links on the Nodes > Events tabs to return event counts to zero.
Tenant Accounts Provides access to the Tenant Accounts page from the Tenants option. Users who have this permission can add, edit, or remove tenant accounts. Users with this permission can also set the initial password for the tenant's local root user.

Users who do not have this permission do not see the Tenants option in the menu.

Note: Version 1 of the Grid Management API (which has been deprecated) uses this permission to manage tenant group policies, reset Swift admin passwords, and manage root user S3 access keys.
Maintenance Provides access to the following menu options:
  • Maintenance > Maintenance Tasks
    • Expansion
    • Decommission
    • Recovery
  • Maintenance > Network :
    • Grid Network*
    • DNS Servers*
    • NTP Servers*
  • Maintenance > System :
    • Apply Hotfix
    • License*
    • Recovery Package
    • Software Upgrade
  • Configuration > System Settings:
    • Domain Names*
    • Server Certificates*
  • Configuration > Monitoring:
    • Audit*

* Users who do not have the Maintenance permission can view, but not edit, the pages marked with an asterisk.

ILM

Provides access to the following menu options:

  • ILM > Rules
  • ILM > Policies
  • ILM > Erasure Coding
  • ILM > Regions
Note: Access to the ILM > Storage Pools and ILM > Storage Grades menu options is controlled by the Other Grid Configuration and Grid Topology Page Configuration permissions.
Acknowledge Alarms Provides access to acknowledge and respond to alarms. All signed-in users can monitor alarms.

If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.

Other Grid Configuration Provides access to the following grid configuration options:
  • Configuration > System Settings:
    • Grid Options
    • Link Cost
    • Storage Options
    • Display Options
  • Configuration > Monitoring:
    • Global Alarms
    • Notifications
    • Email Setup
    • AutoSupport
    • Events
  • ILM:
    • Storage Pools
    • Storage Grades
Note: Access to these items also requires the Grid Topology Page Configuration permission.
Change Tenant Root Password Provides access to the Change Root Password button on the Tenant Accounts page, allowing you to control who can change the password for the tenant's local root user. Users who do not have this permission cannot see the Change Root Password button.
Note: You must assign the Tenant Accounts permission to the group before you can assign this permission.
Metrics Query Provides access to custom Prometheus metrics queries using the Metrics section of the Management API.
Object Metadata Lookup Provides access to the ILM > Object Metadata Lookup menu option.