Precautions when working with user groups

System Administrator Guide for VSP 5000 Series

Part Number

Before creating or manipulating user groups, read and understand the following precautions.

  • When a user is assigned to multiple user groups, the user has the permissions of all the roles in each user group that are enabled on the resource groups assigned to each user group.
  • If a user has All Resource Groups Assigned set to Yes, the user can access all the resources in the storage system. For example, if a user is a security administrator and a storage administrator taking care of some resources, have all resource groups assigned, and has roles of Security Administrator (View & Modify) and Storage Administrator (View & Modify), the user can edit the storage for all the resources.

    If this is a problem, the recommended solution is to register the following two user accounts in the storage system and use these different accounts for different purposes:

    • A security administrator user account that has All Resource Groups Assigned set to Yes.
    • A storage administrator user account that does not have all resource groups assigned and has only some of the resource groups assigned.
  • For the user groups whose roles are other than the Storage Administrator, All Resource Groups Assigned is automatically set to Yes. If you delete all the roles except the Storage Administrator, reassign resource groups to the user group because All Resource Groups Assigned is automatically set to No.