Adding an SMU user (an administrator)

Storage System User Administration Guide for Hitachi NAS Platform

Part Number

Use NAS Manager to add SMU user accounts for HNAS servers. For systems with NAS modules, use the maintenance utility or an external NAS Manager to create and manage user accounts.

  1. Navigate to Home > SMU Administration > SMU Users to display the SMU Users page.
  2. Click add to display the Add SMU User page:

    Field/Item Description
    Name The name of the new user account. This name will be requested when logging in to the SMU. The rules for user names are:
    • For Global administrators only, if the user will access the SMU through the CLI, the user name:
      • Must start with a letter or an underscore, and may consist of up to 31 alphanumeric characters and the underscore (_) and the hyphen (-).
      • Cannot match certain special purpose names: root, manager, postgres, nobody, or nfsnobody.
      • Cannot match certain special purpose user ID numbers: for example, those with uid less than 502.
    • For all types of administrators, if the user will access the SMU only through NAS Manager, the user name may consist of alphanumeric characters and/or the underscore (_), the hyphen (-), the equal sign (=), parentheses "(" or ")", brackets ( [ or ] ), the pound sign (#) and the exclamation point (!).
    • Supervisor is a reserved system user name. It is not available as a new user name.
    Note: If you are using RADIUS realms, and the global administrator will access the SMU using both NAS Manager and the CLI, use the underscore (_) to combine the user name and the realm: for example, johnsmith_realm2. If the global administrator will access the SMU using only NAS Manager, you can use the at sign (@) to combine the user name and the realm: for example, johnsmith@realm3.
    User Type The user type is either local or RADIUS.
    • Local users are those whose passwords are locally defined and authenticated in the SMU.
    • RADIUS users are those whose passwords are defined and authenticated in an external RADIUS servers. The RADIUS administrator must add a user name and password to all RADIUS servers.

    Enter the password that will be used when this user account logs in. The password cannot exceed 256 characters.

    This field only applies when the User Type is selected to Local. It does not apply when the RADIUS User Type is selected.

    Confirm Password

    Confirm the password entered in the previous field by entering it in again. Only applies when the Local User type is selected.

    User Level Specify the level for the new administrator that you are creating. You can select any one of the following:
    • Global Administrators can manage everything in the system: file systems, file services, or file system related features and functions, storage devices and their components. Also, the Global Administrator creates and manages SMU user profiles (Server Administrators, Storage Administrators, Server+Storage Administrators, and other Global Administrators). Global Administrators also control what servers and storage devices each administrator can access.
    • Storage Administrators manage storage devices, as specified in the administrator profile created by the Global Administrator.

      Storage Administrators can manage only storage devices and their components (racks, physical disks, SDs, and storage pools). Storage Administrators cannot manage file systems, file services, or file system related features and functions, and they cannot manage users.

    • Server Administrators manage servers and clusters, as specified in the administrator profile created by the Global Administrator. Server Administrators cannot manage storage devices.

      Server Administrators can manage file systems and file services such as CIFS Shares, NFS Exports, and they can manage file system related features and functions such as snapshots, quotas, and migration policies and schedules.

    • Server+Storage Administrators manage servers, clusters, and storage devices, as specified in the administrator profile created by the Global Administrator.

      Server+Storage administrators can manage everything Server Administrators and Storage Administrators can manage: file systems, file services, or file system related features and functions, and they can also manage storage devices and their components.

    Note: Server Administrators, Storage Administrators, and Server+Storage Administrators cannot access all of the NAS Manager pages that a Global Administrator can access.
    Read-Only User

    Defines the user as read-only. A read-only user may be given Global, Server, Storage or Server+Storage access. Based on their defined role, an individual user may or may not perform specific tasks, such as viewing, creating, or modifying files and data. A read-only user has permission to view most pages of the NAS Manager; however, they are not generally allowed to perform any actions that would trigger a system or configuration change.

    Note: Read-only users can not access the CLI, and a user with CLI access may not be read-only. If either of these options is checked, the other one is disabled.
    SMU CLI Access (for Global Administrators only) If the administrator is allowed to log in and access the SMU CLI of an external SMU, select the SMU CLI Access check box.
    Available Managed Servers

    For Server administrators, Storage administrators, and Server+Storage administrators, lists the servers managed by the SMU to which the administrator has not yet been given management privileges. Not available for Global administrators, because Global administrators are allowed to manage all storage and all servers.

    Selected Managed Servers

    For Server administrators, lists the servers that the administrator can manage. Note that a Server administrator cannot manage the storage attached to these servers. Not available for Global administrators, because Global administrators are allowed to manage all storage and all servers.

    For Storage administrators, lists servers that have attached storage that the administrator can manage. Note that a Storage administrator cannot manage these servers, only the storage attached to these servers.

    For Server+Storage administrators, lists servers that the administrator can manage. The Server+Storage administrator can also manage the storage attached to these servers.

  3. Enter the user name for the new administrator in the Name field.
  4. Specify if the administrator login is authenticated locally (by the SMU) or by a RADIUS server by selecting the appropriate User Type.
    Note: If you are authenticating this user through a RADIUS server, the Password and Confirm Password fields are not available, and you should skip the next step. You must enter the user passwords into the RADIUS server using the tools available for that server.
  5. If the User Type is local, specify the initial login password for the new administrator by filling in the Password and the Confirm Password fields.
  6. Specify the user level for the new administrator that you are creating.
    You can select one of the following:
    • Global
    • Storage
    • Server
    • Server+Storage
  7. For Global Administrators only, if the administrator is allowed to log in and access the SMU command line interface (CLI) of an external SMU, select the SMU CLI Access check box.
  8. Using the Available Servers and the Selected Servers lists, specify the servers the administrator can access or the servers with the storage the administrator can manage.
    • To grant management privileges for a server or the storage attached to a server, move the server from the Available Servers list to the Selected Servers list.
    • To revoke management privileges for a server or the storage attached to a server, move the server from the Selected Servers list to the Available Servers list.
    • To move the server between the Available Servers and the Selected Servers lists, select the server, and use the arrow buttons between the lists.
  9. Review the profile, and verify that it is correct.
    • If the profile is correct, click OK to save and enable the user profile, and then return to return to the SMU Users page.
    • To return to the SMU Users page without saving the profile, click back.