Skip to main content
NetApp Console setup and administration

NetApp Console platform access roles

Contributors netapp-tonias

Assign platform roles to users to grant permissions to manage the NetApp Console, assign roles, add users, create Console agents, and manage federations.

Example for organization roles for a large multi-national organization

XYZ Corporation organizes data storage access by region—North America, Europe, and Asia-Pacific—providing regional control with centralized oversight.

The Organization admin in XYZ Corporation's Console creates an initial organization and separate folders for each region. The Folder or project admin for each region organizes projects (with associated resources) within the region's folder.

Regional admins with the Folder or project admin role actively manage their folders by adding resources and users. These regional admins can also add, remove, or rename folders and projects they manage. The Organization admin inherits permissions for any new resources, maintaining visibility of storage usage across the entire organization.

Within the same organization, one user is assigned the Federation admin role to manage the federation of the organization with their corporate IdP. This user can add or remove federated organizations, but cannot manage users or resources within the organization. The Organization admin assigns a user the Federation viewer role to check federation status and view federated organizations.

The following tables indicate the actions that each Console platform role can perform.

Organization administration roles

Task Organization admin Folder or project admin

Create agents

Yes

No

Create, modify or delete systems from the Console (add or discover systems)

Yes

Yes

Create folders and projects, including deleting

Yes

No

Rename existing folders and projects

Yes

Yes

Assign roles and add users

Yes

Yes

Associate resources with folders and projects

Yes

Yes

Associate agents with folders and projects

Yes

No

Remove agents from folders and projects

Yes

No

Manage agents (edit certificates, settings, and so on)

Yes

No

Manage credentials from Administration > Credentials

Yes

Yes

Create, manage, and view federations

Yes

No

Register for support and submit cases through the Console

Yes

Yes

Use data services that are not associated with an explicit access role

Yes

Yes

View the Audit page and notifications

Yes

Yes

Federation roles

Task Federation admin Federation viewer

Create a federation

Yes

No

Verify a domain

Yes

No

Add a domain to a federation

Yes

No

Disable and delete federations

Yes

No

Test federations

Yes

No

View federations and their details

Yes

Yes

Partnership roles

Task Partnership admin Partnership viewer

Can create a partnership

Yes

No

Assign roles to partner members

Yes

No

Can add members to a partnership

Yes

No

Can view organization partnership details

Yes

Yes

Super admin and viewer roles

The Super admin role provides full access to manage Console features, storage, and data services. This role suits those overseeing administration and governance. In contrast, the Super viewer role offers read-only access, ideal for auditors or stakeholders who need visibility without making changes.

Organizations should use Super admin access sparingly to minimize security risks and align with the principle of least privilege. Most organizations should assign fine-grained roles with only the necessary permissions to reduce risk and improve auditability.

Example for super roles

ABC Corporation has a small team of five that leverages the NetApp Console for data services and storage management. Instead of distributing multiple roles, they assign the Super admin role to two senior team members who handle all administrative tasks, including user management and resource configuration. The remaining three team members are assigned the Super viewer role, allowing them to monitor storage health and data service status without the ability to modify settings.

Role Inherited roles

Super admin

  • Organization admin

  • Folder or project admin

  • Federation admin

  • Partnership admin

  • Ransomware Resilience admin

  • Disaster recovery admin

  • Backup super admin

  • Storage admin

  • Keystone admin

  • Google Cloud NetApp Volumes admin

Super viewer

  • Organization viewer

  • Federation viewer

  • Partnership viewer

  • Ransomware Resilience viewer

  • Disaster recovery viewer

  • Backup viewer

  • Storage viewer

  • Keystone viewer

  • Google Cloud NetApp Volumes viewer