User roles

Content Platform S Series Node Help

Version
4.0.0
Audience
anonymous
Part Number
MK-HCPS027-02

A role is a named collection of permissions that can be associated with an S Series Node user account. The roles associated with a user account determine which S Series Node interfaces the user can use and what the user can do with those interfaces. Roles generally correspond to job functions.

Each user account must be associated with one or more roles. The account user has all the permissions granted by each of the associated roles.

The roles that you can associate with a user account are listed below.

Administrator
Grants permission to use the HCP S Series Management Console and management API to:
  • View S Series Node configuration, status, and current and past storage-usage, system-load, and resource-load statistics.
  • Perform configuration activities (such as changing server module IP addresses).
  • View information about the currently active SSH keys.
  • View the user account list and bucket list.
  • Create, modify, and delete buckets and view the list of irreparable objects in those buckets.
  • Power server modules off and on.
  • View messages in the event log except for security event messages.
  • Insert comments into and download the S Series Node internal logs.
The administrator role does not grant permission to:
  • View, create, or manage individual user accounts.
  • View or configure security options.
  • Install or revoke exclusive SSH keys.
  • Store, retrieve, or manage objects in buckets.
  • Perform hardware maintenance procedures or update the HCP S Series operating system and software.
Monitor
Grants permission to use the HCP S Series Management Console and management API to:
  • View S Series Node configuration, status, and current and past storage-usage, system-load, and resource-load statistics.
  • View information about the currently active SSH keys.
  • View the bucket list and the list of irreparable objects in those buckets.
  • View messages in the event log except for security event messages.
  • Insert comments into the S Series Node internal logs.
The monitor role does not grant permission to:
  • Perform configuration activities.
  • View, create, or manage user accounts.
  • View or configure security options.
  • Install or revoke exclusive SSH keys.
  • Create, modify, or delete buckets.
  • Store, retrieve, or manage objects in buckets.
  • Power server modules off or on.
  • Perform hardware maintenance procedures or update the HCP S Series operating system and software.
  • Download the S Series Node internal logs.
Security
Grants permission to use the HCP S Series Management Console and management API to:
  • View, create, and manage user accounts.
  • Configure security options (such as enabling SSH access to the S Series Node and setting password requirements).
  • Install and revoke exclusive SSH keys.
  • View information about the currently active SSH keys.
  • View security event messages in the event log (such as messages about unsuccessful attempts to log in to the HCP S Series Management Console).
  • Insert comments into the S Series Node internal logs.
The security role does not grant permission to:
  • View S Series Node configuration, status, and current and past storage-usage, system-load, and resource-load statistics.
  • View configuration options that are not related to security.
  • Perform configuration activities that are not related to security.
  • View the bucket list or the list of irreparable objects in those buckets.
  • Store, retrieve, or manage objects in buckets.
  • Power server modules off or on.
  • Perform hardware maintenance procedures or update the HCP S Series operating system and software.
  • View messages in the event log that are not related to security.
  • Download the S Series Node internal logs.
Tip: Always have at least two user accounts that have the security role. This configuration ensures that if one of the accounts with the security role becomes disabled, another account that can manage user accounts still exists.
Service
Grants permission to use the HCP S Series Management Console and management API to:
  • View S Series Node configuration, status, and current and past storage-usage, system-load, and resource-load statistics.
  • Perform most configuration activities.
  • Install and revoke exclusive SSH keys.
  • View information about the currently active SSH keys.
  • View the bucket list and the list of irreparable objects in those buckets.
  • Power server modules off or on.
  • Perform hardware maintenance activities (such as replacing a failed drive).
  • Update the HCP S Series operating system and software.
  • View messages in the event log that are not related to security.
  • Insert comments into and download the S Series Node internal logs.
The service role does not grant permission to:
  • View, create, or manage user accounts.
  • View or configure security options.
  • Create, modify, or delete buckets.
  • Store, retrieve, or manage objects in buckets.
Note: You should associate the service role only with user accounts created for authorized service providers.
Data
Grants permission to use the Hitachi API for Amazon S3 (the S3 compatible API) to:
  • Create and manage buckets.
  • View a list of the buckets you own.
  • Store, retrieve, and manage objects in buckets.
With this role, you can also use the Management Console or management API to generate your S3 compatible API access key and secret key.

All users can use the HCP S Series Management Console and management API to change their own passwords.