You can add users, user groups (groups), and assign user roles (realm roles or roles) to user groups in VSP One File management software using Keycloak.
A group can be assigned one or more roles, and users in a group inherit all roles assigned to that group. There are 10 preconfigured groups that inherit 10 preconfigured roles. For example, the administrator group inherits the administrator role. The preconfigured roles cannot be modified or deleted.
The following table shows the preconfigured user roles in Keycloak:
Role | Access level description |
---|---|
Administrator | Can perform all operations in File Administrator and System Administrator. |
Administrator read-only | Has read-only access to File Administrator and System Administrator. |
Backup and replication manager | Can perform the following operations in File Administrator:
|
Backup and replication manager read-only | Has read-only access to NDMP, replication services, and data migration. |
File services manager | Can perform the following operations in File Administrator:
|
File services manager read-only | Has read-only access to EVS, file systems, and file systems protocols. |
Security administrator | Can perform all operations in Keycloak and System Administrator. |
Security administrator read-only | Has read-only access to Keycloak and System Administrator. |
Storage manager | Can perform the following tasks in File Administrator:
|
Storage manager read-only | Has read-only access to storage drives and system pools. |
Note: A user assigned to the security administrator (secadmin) role should not be assigned to any other role.
In Keycloak, you can add users in two ways:
The VSP One File management software ships with three preconfigured local users called admin, secadmin, and secadminro assigned with the role of administrator, security administrator, and security administrator read-only.
Note: You should sign-in at least once as User ID: admin, secadmin, and secadminro using the default Password: nasadmin to change the password for each user when prompted.