Admin group permissions

When creating admin user groups, you select one or more permissions to control access to specific features of the Grid Manager. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the Grid Manager.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

The table shows the permissions you can assign when creating or editing an admin group. Any functionality not explicitly mentioned in the table requires the Root Access permission.
Note: You can use the Grid Management API to completely deactivate certain features. When a feature has been deactivated, the corresponding Management Permission no longer appears on the Groups page.
Management permission Description
Root Access Provides access to all grid administration features.
Grid Topology Page Configuration Provides access to the following menu options:
  • Configuration tabs available from the pages in Support > Grid Topology .
  • Reset event counts link on the Nodes > Events tab.
Tenant Accounts Provides access to the Tenants > Tenant Accounts page.
Note: Version 1 of the Grid Management API (which has been deprecated) uses this permission to manage tenant group policies, reset Swift admin passwords, and manage root user S3 access keys.
Maintenance Provides access to the following menu options:
  • Configuration > System Settings:
    • Domain Names*
    • Server Certificates*
  • Configuration > Monitoring:
    • Audit*
  • Maintenance > Maintenance Tasks
    • Expansion
    • Decommission
    • Recovery
  • Maintenance > Network :
    • Grid Network*
    • DNS Servers*
    • NTP Servers*
  • Maintenance > System:
    • Apply Hotfix
    • License*
    • Recovery Package
    • Software Upgrade
  • Support:
    • Logs

* Users who do not have the Maintenance permission can view, but not edit, the pages marked with an asterisk.

ILM

Provides access to the following menu options:

  • ILM
    • Rules
    • Policies
    • Erasure Coding
    • Regions
Note: Access to the ILM > Storage Pools and ILM > Storage Grades menu options is controlled by the Other Grid Configuration and Grid Topology Page Configuration permissions.
Acknowledge Alarms Provides access to acknowledge and respond to alarms. All signed-in users can monitor alarms.

If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.

Other Grid Configuration Provides access to additional grid configuration options.
Attention: To see these additional options, users must also have the Grid Topology Page Configuration permission.
  • Alarms:
    • Global Alarms
    • Email Setup
  • ILM:
    • Storage Pools
    • Storage Grades
  • Configuration > System Settings:
    • Grid Options
    • Link Cost
    • Storage Options
    • Display Options
  • Configuration > Monitoring:
    • Events
  • Support:
    • AutoSupport
Change Tenant Root Password Provides access to the Change Root Password button on the Tenant Accounts page, allowing you to control who can change the password for the tenant's local root user. Users who do not have this permission cannot see the Change Root Password button.
Note: You must assign the Tenant Accounts permission to the group before you can assign this permission.
Metrics Query Provides access to the Support > Metrics page. Also, provides access to custom Prometheus metrics queries using the Metrics section of the Grid Management API.
Object Metadata Lookup Provides access to the ILM > Object Metadata Lookup menu option.