Skip to main content

Admin group permissions

Contributors netapp-lhalbert ssantho3 netapp-perveilerk netapp-madkat dustinmassop

When creating admin user groups, you select one or more permissions to control access to specific features of the Grid Manager. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.

You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the Grid Manager or the Grid Management API.

By default, any user who belongs to a group that has at least one permission can perform the following tasks:

  • Sign in to the Grid Manager

  • View the dashboard

  • View the Nodes pages

  • Monitor grid topology

  • View current and resolved alerts

  • View current and historical alarms (legacy system)

  • Change their own password (local users only)

  • View certain information provided on the Configuration and Maintenance pages

Interaction between permissions and Access mode

For all permissions, the group's Access mode setting determines whether users can change settings and perform operations or whether they can only view the related settings and features. If a user belongs to multiple groups and any group is set to Read-only, the user will have read-only access to all selected settings and features.

The following sections describe the permissions you can assign when creating or editing an admin group. Any functionality not explicitly mentioned requires the Root access permission.

Root access

This permission provides access to all grid administration features.

Acknowledge alarms (legacy)

This permission provides access to acknowledge and respond to alarms (legacy system). All signed-in users can view current and historical alarms.

If you want a user to monitor grid topology and acknowledge alarms only, you should assign this permission.

Change tenant root password

This permission provides access to the Change root password option on the Tenants page, allowing you to control who can change the password for the tenant's local root user. This permission is also used for migrating S3 keys when the S3 key import feature is enabled. Users who don't have this permission can't see the Change root password option.

Note To grant access to the Tenants page, which contains the Change root password option, also assign the Tenant accounts permission.

Grid topology page configuration

This permission provides access to the Configuration tabs on the SUPPORT > Tools > Grid topology page.

ILM

This permission provides access to the following ILM menu options:

  • Rules

  • Policies

  • Erasure coding

  • Regions

  • Storage pools

Note Users must have the Other grid configuration and Grid topology page configuration permissions to manage storage grades.

Maintenance

Users must have the Maintenance permission to use these options:

  • CONFIGURATION > Access control:

    • Grid passwords

  • CONFIGURATION > Network:

    • S3 endpoint domain names

  • MAINTENANCE > Tasks:

    • Decommission

    • Expansion

    • Object existence check

    • Recovery

  • MAINTENANCE > System:

    • Recovery package

    • Software update

  • SUPPORT > Tools:

    • Logs

Users who don't have the Maintenance permission can view, but not edit, these pages:

  • MAINTENANCE > Network:

    • DNS servers

    • Grid Network

    • NTP servers

  • MAINTENANCE > System:

    • License

  • CONFIGURATION > Network:

    • S3 endpoint domain names

  • CONFIGURATION > Security:

    • Certificates

  • CONFIGURATION > Monitoring:

    • Audit and syslog server

Manage alerts

This permission provides access to options for managing alerts. Users must have this permission to manage silences, alert notifications, and alert rules.

Metrics query

This permission provides access to:

  • SUPPORT > Tools > Metrics page

  • Custom Prometheus metrics queries using the Metrics section of the Grid Management API

  • Grid Manager dashboard cards that contain metrics

Object metadata lookup

This permission provides access to the ILM > Object metadata lookup page.

Other grid configuration

This permission provides access to additional grid configuration options.

Tip To see these additional options, users must also have the Grid topology page configuration permission.
  • ILM:

    • Storage grades

  • CONFIGURATION > System:

    • Storage options

  • SUPPORT > Alarms (legacy):

    • Custom events

    • Global alarms

    • Legacy email setup

  • SUPPORT > Other:

    • Link cost

Storage appliance administrator

This permission provides access to the E-Series SANtricity System Manager on storage appliances through the Grid Manager.

Tenant accounts

This permission provides the ability to:

  • Access the Tenants page, where you can create, edit, and remove tenant accounts

  • View existing traffic classification policies

  • View Grid Manager dashboard cards that contain tenant details