Rather than use a single sysadmin account to administer Ops Center, you can assign local users to a group that has administrative privileges. For Active Directory users, you can assign appropriate roles to the group. For local users only, the built-in opscenter-administrators group grants full administrative privileges.
The portal has two types of roles (also known as privileges):
- Portal-level: global roles that control access to functions within the Ops Center portal. The opscenter-user role permits users to log in to the Ops Center portal and access the Inventory tab. The opscenter-system-administrator role permits users to access all the portal tabs and create local users, add groups, and assign roles (even at the product-level). This role should not be assigned lightly.
- Product-level: roles specific to each product. For example, Administrator has roles called StorageAdministrator, SystemAdministrator, and SecurityAdministrator that control access to different functions in the Administrator UI. Members of the local opscenter-administrators group have default roles assigned that permit access to all Ops Center products.