Manage admin groups
You can create admin groups to manage the security permissions for one or more admin users. Users must belong to a group to be granted access to the StorageGRID system.
-
You are signed in to the Grid Manager using a supported web browser.
-
You have specific access permissions.
-
If you plan to import a federated group, you have configured identity federation and the federated group already exists in the configured identity source.
Create an admin group
Admin groups allow you to determine which users can access which features and operations in the Grid Manager and the Grid Management API.
Access the wizard
-
Select CONFIGURATION > Access control > Admin groups.
-
Select Create group.
Choose a group type
You can create a local group or import a federated group.
-
Create a local group if you want to assign permissions to local users.
-
Create a federated group to import users from the identity source.
-
Select Local group.
-
Enter a display name for the group, which you can update later as required. For example, “Maintenance Users” or “ILM Administrators.”
-
Enter a unique name for the group, which you can't update later.
-
Select Continue.
-
Select Federated group.
-
Enter the name of the group you want to import, exactly as it appears in the configured identity source.
-
For Active Directory and Azure, use the sAMAccountName.
-
For OpenLDAP, use the CN (Common Name).
-
For another LDAP, use the appropriate unique name for the LDAP server.
-
-
Select Continue.
Manage group permissions
-
For Access mode, select whether users in the group can change settings and perform operations in the Grid Manager and the Grid Management API or whether they can only view settings and features.
-
Read-write (default): Users can change settings and perform the operations allowed by their management permissions.
-
Read-only: Users can only view settings and features. They can't make any changes or perform any operations in the Grid Manager or Grid Management API. Local read-only users can change their own passwords.
If a user belongs to multiple groups and any group is set to Read-only, the user will have read-only access to all selected settings and features.
-
-
Select one or more admin group permissions.
You must assign at least one permission to each group; otherwise, users belonging to the group will not be able to sign in to StorageGRID.
-
If you are creating a local group, select Continue. If you are creating a federated group, select Create group and Finish.
Add users (local groups only)
-
Optionally, select one or more local users for this group.
If you have not yet created local users, you can save the group without adding users. You can add this group to the user on the Users page. See Manage users for details.
-
Select Create group and Finish.
View and edit admin groups
You can view details for existing groups, modify a group, or duplicate a group.
-
To view basic information for all groups, review the table on the Groups page.
-
To view all details for a specific group or to edit a group, use the Actions menu or the details page.
Task Actions menu Details page View group details
-
Select the checkbox for the group.
-
Select Actions > View group details.
Select the group name in the table.
Edit display name (local groups only)
-
Select the checkbox for the group.
-
Select Actions > Edit group name.
-
Enter the new name.
-
Select Save changes.
-
Select the group name to display the details.
-
Select the edit icon .
-
Enter the new name.
-
Select Save changes.
Edit access mode or permissions
-
Select the checkbox for the group.
-
Select Actions > View group details.
-
Optionally, change the group's Access mode.
-
Optionally, select or clear admin group permissions.
-
Select Save changes.
-
Select the group name to display the details.
-
Optionally, change the group's Access mode.
-
Optionally, select or clear admin group permissions.
-
Select Save changes.
-
Duplicate a group
-
Select the checkbox for the group.
-
Select Actions > Duplicate group.
-
Complete the Duplicate group wizard.
Delete a group
You can delete an admin group when you want to remove the group from the system, and remove all permissions associated with the group. Deleting an admin group removes any users from the group, but does not delete the users.
-
From the Groups page, select the checkbox for each group you want to remove.
-
Select Actions > Delete group.
-
Select Delete groups.