Manage roles and permissions

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

You can use Device Manager - Storage Navigator to view existing user groups and to create, modify, or delete them.

Before creating or editing user groups, read and understand the following precautions:

  • When a user is assigned to multiple user groups, the user has the permissions of all the roles in each user group that are enabled on the resource groups assigned to each user group.
  • If a user has All Resource Groups Assigned set to Yes, the user can access all the resources in the storage system. For example, if a user is a security administrator and a storage administrator taking care of some resources, have all resource groups assigned, and has roles of Security Administrator (View & Modify) and Storage Administrator (View & Modify), the user can modify storage system settings for all the resources.

    If this is a problem, the recommended solution is to register the following two user accounts in the storage system and use these different accounts for different purposes:

    • A security administrator user account that has All Resource Groups Assigned set to Yes.
    • A storage administrator user account that does not have all resource groups assigned and has only some of the resource groups assigned.
  • For the user groups whose roles are other than the Storage Administrator, All Resource Groups Assigned is automatically set to Yes. If you delete all the roles except the Storage Administrator, reassign resource groups to the user group because All Resource Groups Assigned is automatically set to No. To assign resource groups to the user group, see Changing assigned resource groups.
  • Regardless of assigned roles, users in a user group to which no resource groups are assigned cannot modify storage system settings.
  • Security settings that affect the entire system is configured by the administrator.
  • Resource group 10 is configured by user A.
  • Resource group 20 is configured by user B.

To implement the above configuration, assign the users to the user groups as shown below.

User User group to be registered Roles to be assigned to the user group Resource group to be assigned to user group
Administrator user group 1 Security Administrator (View & Modify) All Resource Groups Assigned1
User A user group 10 Storage Administrator2 Resource group 10
User B user group 20 Storage Administrator2 Resource group 20
Notes:
  1. For the user group that is assigned the Security Administrator role, All Resource Groups Assigned is automatically set to Yes.
  2. There are a few types of storage administrators. For more information, see Roles and permissions.