Admin group permissions
When creating admin user groups, you select one or more permissions to control access to specific features of the Grid Manager. You can then assign each user to one or more of these admin groups to determine which tasks that user can perform.
You must assign at least one permission to each group; otherwise, users belonging to that group will not be able to sign in to the Grid Manager or the Grid Management API.
By default, any user who belongs to a group that has at least one permission can perform the following tasks:
-
Sign in to the Grid Manager
-
View the dashboard
-
View the Nodes pages
-
View current and resolved alerts
-
Change their own password (local users only)
-
View certain information provided on the Configuration and Maintenance pages
Interaction between permissions and Access mode
For all permissions, the group's Access mode setting determines whether users can change settings and perform operations or whether they can only view the related settings and features. If a user belongs to multiple groups and any group is set to Read-only, the user will have read-only access to all selected settings and features.
The following sections describe the permissions you can assign when creating or editing an admin group. Any functionality not explicitly mentioned requires the Root access permission.
Root access
This permission provides access to all grid administration features.
Change tenant root password
This permission provides access to the Change root password option on the Tenants page, allowing you to control who can change the password for the tenant's local root user. This permission is also used for migrating S3 keys when the S3 key import feature is enabled. Users who don't have this permission can't see the Change root password option.
To grant access to the Tenants page, which contains the Change root password option, also assign the Tenant accounts permission. |
Grid topology page configuration
This permission provides access to the Configuration tabs on the SUPPORT > Tools > Grid topology page.
The Grid topology page has been deprecated and will be removed in a future release. |
ILM
This permission provides access to the following ILM menu options:
-
Rules
-
Policies
-
Policy tags
-
Storage pools
-
Storage grades
-
Regions
-
Object metadata lookup
Users must have the Other grid configuration and Grid topology page configuration permissions to manage storage grades. |
Maintenance
Users must have the Maintenance permission to use these options:
-
CONFIGURATION > Access control:
-
Grid passwords
-
-
CONFIGURATION > Network:
-
S3 endpoint domain names
-
-
MAINTENANCE > Tasks:
-
Decommission
-
Expansion
-
Object existence check
-
Recovery
-
-
MAINTENANCE > System:
-
Recovery package
-
Software update
-
-
SUPPORT > Tools:
-
Logs
-
Users who don't have the Maintenance permission can view, but not edit, these pages:
-
MAINTENANCE > Network:
-
DNS servers
-
Grid Network
-
NTP servers
-
-
MAINTENANCE > System:
-
License
-
-
CONFIGURATION > Network:
-
S3 endpoint domain names
-
-
CONFIGURATION > Security:
-
Certificates
-
-
CONFIGURATION > Monitoring:
-
Audit and syslog server
-
Manage alerts
This permission provides access to options for managing alerts. Users must have this permission to manage silences, alert notifications, and alert rules.
Metrics query
This permission provides access to:
-
SUPPORT > Tools > Metrics page
-
Custom Prometheus metrics queries using the Metrics section of the Grid Management API
-
Grid Manager dashboard cards that contain metrics
Object metadata lookup
This permission provides access to the ILM > Object metadata lookup page.
Other grid configuration
This permission provides access to additional grid configuration options.
To see these additional options, users must also have the Grid topology page configuration permission. |
-
ILM:
-
Storage grades
-
-
CONFIGURATION > System:
-
SUPPORT > Other:
-
Link cost
-
Storage appliance administrator
This permission provides:
-
Access to the E-Series SANtricity System Manager on storage appliances through the Grid Manager.
-
The ability to perform troubleshooting and maintenance tasks on the Manage drives tab for appliances that support these operations.
Tenant accounts
This permission provides the ability to:
-
Access the Tenants page, where you can create, edit, and remove tenant accounts
-
View existing traffic classification policies
-
View Grid Manager dashboard cards that contain tenant details