Add a user or group and assign role and assets

Contributors netapp-soumikd netapp-asubhas Download PDF of this page

To configure role-based access control for SnapCenter users, you can add users or groups and assign role. The role determines the options that SnapCenter users can access.

What you will need

  • You must have logged in as the "SnapCenterAdmin" role.

  • You must have created the user or group accounts in Active Directory in the operating system or database. You cannot use SnapCenter to create these accounts.

    The user names and group names should not include /\[ ];|=,+*?< >' characters.
  • SnapCenter includes several predefined roles.

    You can either assign these roles to the user or create new roles.

  • AD Users and AD Groups that are added to SnapCenter RBAC must have the READ permission on the Users Container and the Computers Container in the Active Directory.

  • After you assign a role to a user or group that contains the appropriate permissions, you must assign the user access to SnapCenter assets, such as hosts and storage connections.

    This enables users to perform the actions for which they have permissions on the assets that are assigned to them.

  • You should assign a role to the user or group at some point to take advantage of RBAC permissions and efficiencies.

  • You can assign assets like host, resource groups, policy, storage connection, plug-in, and credential to the user while creating the user or group.

  • The minimum assets that you should assign an user to perform certain operations are as follows:

    Operation Assets assignment

    Protect resources

    host, policy

    Backup

    host, resource group, policy

    Restore

    host, resource group

    Clone

    host, resource group, policy

    Clone lifecycle

    host

    Create a Resource Group

    host

  • When a new node is added to a Windows cluster or a DAG (Exchange Server Database Availability Group) asset and if this new node is assigned to a user, you must reassign the asset to the user or group to include the new node to the user or group.

    You should reassign the RBAC user or group to the cluster or DAG to include the new node to the RBAC user or group. For example, you have a two-node cluster and you have assigned an RBAC user or group to the cluster. When you add another node to the cluster, you should reassign the RBAC user or group to the cluster to include the new node for the RBAC user or group.

  • If you are planning to replicate Snapshot copies, you must assign the storage connection for both the source and destination volume to the user performing the operation.

    You should add assets before assigning access to the users.

If you are using the SnapCenter Plug-in for VMware vSphere functions, to protect VMs, VMDKs, or datastores, you use the VMware vSphere GUI to add a vCenter user to a SnapCenter Plug-in for VMware vSphere role.

Steps

  1. In the left navigation pane, click Settings.

  2. In the Settings page, click Users and Access > add icon in configuring database screen.

  3. In the Add Users/Groups from Active Directory or Workgroup page:

    For this field…​ Do this…​

    Access Type

    Select either Domain or workgroup

    For Domain authentication type, you should specify the domain name of the user or group to which you want to add the user to a role.

    By default, it is pre-populated with the logged in domain name.

    You must register the untrusted domain in the Settings > Global Settings > Domain Settings page.

    Type

    Select either User or Group

    SnapCenter supports only security group and not the distribution group.

    User Name

    1. Type the partial user name, and then click Add.

      The user name is case-sensitive.
    2. Select the user name from the search list.

    When you add users from a different domain or an untrusted domain, you should type the user name fully because there is no search list for cross domain users.

    Repeat this step to add additional users or groups to the selected role.

    Roles

    Select the role to which you want to add the user.

  4. Click Assign, and then in the Assign Assets page:

    1. Select the type of asset from the Asset drop-down list.

    2. In the Asset table, select the asset.

      The assets are listed only if the user has added the assets to SnapCenter.

    3. Repeat this procedure for all of the required assets.

    4. Click Save.

  5. Click Submit.

    After adding users or groups and assigning roles, refresh the resources list.