Admin group permissions

When creating admin user groups, you select one or more permissions to control access to specific features of the Grid Manager. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the Grid Manager.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

Sign in to the Grid Manager
View the Dashboard
View the Nodes pages
Monitor grid topology
Monitor alarms
Change their own password (local users only)
View certain information on the Configuration and Maintenance pages

The table shows the permissions you can assign when creating or editing an admin group. Any functionality not explicitly mentioned in the table requires the Root Access permission.

Note: You can use the Grid Management API to completely deactivate certain features. When a feature has been deactivated, the corresponding Management Permission no longer appears on the Groups page.

Management permission	Description
Root Access	Provides access to all grid administration features.
Grid Topology Page Configuration	Provides access to the following menu options: Configuration tabs available from the pages in Support > Grid Topology . Reset event counts link on the Nodes > Events tab.
Tenant Accounts	Provides access to the Tenants > Tenant Accounts page. Note: Version 1 of the Grid Management API (which has been deprecated) uses this permission to manage tenant group policies, reset Swift admin passwords, and manage root user S3 access keys.
Maintenance	Provides access to the following menu options: Configuration > System Settings: Domain Names* Server Certificates* Configuration > Monitoring: Audit* Maintenance > Maintenance Tasks Expansion Decommission Recovery Maintenance > Network : Grid Network* DNS Servers* NTP Servers* Maintenance > System: Apply Hotfix License* Recovery Package Software Upgrade Support: Logs * Users who do not have the Maintenance permission can view, but not edit, the pages marked with an asterisk.
ILM	Provides access to the following menu options: ILM Rules Policies Erasure Coding Regions Note: Access to the ILM > Storage Pools and ILM > Storage Grades menu options is controlled by the Other Grid Configuration and Grid Topology Page Configuration permissions.
Acknowledge Alarms	Provides access to acknowledge and respond to alarms. All signed-in users can monitor alarms. If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.
Other Grid Configuration	Provides access to additional grid configuration options. Attention: To see these additional options, users must also have the Grid Topology Page Configuration permission. Alarms: Global Alarms Email Setup ILM: Storage Pools Storage Grades Configuration > System Settings: Grid Options Link Cost Storage Options Display Options Configuration > Monitoring: Events Support: AutoSupport
Change Tenant Root Password	Provides access to the Change Root Password button on the Tenant Accounts page, allowing you to control who can change the password for the tenant's local root user. Users who do not have this permission cannot see the Change Root Password button. Note: You must assign the Tenant Accounts permission to the group before you can assign this permission.
Metrics Query	Provides access to the Support > Metrics page. Also, provides access to custom Prometheus metrics queries using the Metrics section of the Grid Management API.
Object Metadata Lookup	Provides access to the ILM > Object Metadata Lookup menu option.

Admin group permissions

More information