Creating admin groups

Admin groups allow you to determine which users can access which features and operations in the Grid Manager and the Grid Management API.

Before you begin

Procedure

  1. Select Configuration > Access Control > Admin Groups.
    The Admin Groups page appears and lists any existing admin groups.
    Groups page
  2. Select Add.
    The Add Group dialog box appears.
    Add Group
  3. For Group Type, select Local if you want to create a group that will be used only within StorageGRID, or select Federated if you want to import a group from the identity source.
  4. If you selected Local, enter a display name for the group. The display name is the name that appears in the Grid Manager. For example, Maintenance Users or ILM Administrators.
  5. Enter a unique name for the group.
    • Local: Enter whatever unique name you want. For example, ILM Administrators.
    • Federated: Enter the group's name exactly as it appears in the configured identity source.
  6. For Access Mode, select whether users in the group can change settings and perform operations in the Grid Manager and the Grid Management API or whether they can only view settings and features.
    • Read-write (default): Users can change settings and perform the operations allowed by their management permissions.
    • Read-only: Users can only view settings and features. They cannot make any changes or perform any operations in the Grid Manager or Grid Management API. Local read-only users can change their own passwords.
      Note: If a user belongs to multiple groups and any group is set to Read-only, the user will have read-only access to all selected settings and features.
  7. Select one or more management permissions.

    You must assign at least one permission to each group; otherwise, users belonging to the group will not be able to sign in to StorageGRID.

  8. Select Save.
    The new group is created. If this is a local group, you can now add one or more users. If this is a federated group, the identity source manages which users belong to the group.