Administrator Guide

OceanStor V3 Series V300R006

This document is applicable to OceanStor 2200 V3, 2600 V3, 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18500 V3, and 18800 V3. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
User Levels, Roles, and Permission

To prevent misoperations from compromising the storage system stability and service data security, the storage system defines user levels and roles to determine user permission and scope of permission. Before using this document, check the level and role of your account to know your permission.

Definition of User Levels and Roles

  • Level: determines whether a user has operation or access permission.

    The storage system defines three user levels, as described in Table 1-1.

    Table 1-1 User levels

    | Level | Description |
    | --- | --- |
    | Super administrator | A super administrator has full administrative permissions on the storage device, and is able to create users of all levels. |
    | Administrator | An administrator has partial administrative permissions on the storage device but cannot manage users, upgrade the storage device, modify the system time, restart the device, or power off the device. |
    | Read-only user | A read-only user has only the access permission on the storage device. After logging in to the storage device, read-only users can only query information about the storage device. |

    NOTE:

    The storage system supports a maximum of 32 system users, among which a maximum of two super administrators can be created.

  • Role: defines the scope of objects that can be operated or accessed by a user.

    The storage system provides both built-in and user-defined roles.

    • Built-in roles are preset in the storage system with certain permission. Table 1-2 describes the built-in roles in detail.
    • User-defined roles allow users to configure the scope of permission as required. For user-defined roles, see Permission Matrix for Self-defined Roles (Applicable to V300R006C20 and Earlier Versions) and Permission Matrix for Self-defined Roles (Applicable to V300R006C30 and Later).

    To support permission control in vStore scenarios, the storage system divides the built-in roles into the system group and vStore group.

    • vStore group: The roles are used only when the user logs in to DeviceManager using a vStore account.
    • System group: The roles are used only when the user logs in to DeviceManager using a system account.

    Table 1-2 Built-in roles

    | Built-in Role | Function Group | Scope of Permission |
    | --- | --- | --- |
    | Super administrator | System group | All permissions over the system |
    | Administrator | System group | All permissions except user management and security configuration |
    | Security administrator | System group | Permission for managing system security configurations, including security rules, certificates, audit, KMC, and compliance clocks |
    | Network administrator | System group | Permission for managing system network resources, including physical ports and failover groups |
    | SAN resource administrator | System group | Permission for managing SAN resources, including storage pools, LUNs, mapping views, hosts, and ports |
    | NAS resource administrator (a) | System group | Permission for managing NAS resources, including storage pools, file systems, file servers, authenticated users, networks, quota trees, and shares |
    | Data protection administrator | System group | Permission for managing data protection, including local data protection, remote data protection, and HyperMetro data protection |
    | Backup administrator | System group | Permission for managing data backup, including local data and mapping views |
    | Maintenance administrator | System group | Permission for querying except user management and security configuration |
    | vStore administrator | vStore group | All vStore management permissions |
    | vStore data protection administrator | vStore group | Permission for managing vStore data protection, including local data protection, remote data protection, and HyperMetro data protection for vStores |
    | vStore protocol administrator | vStore group | Permission for managing vStore protocols, including authenticated users and shares of vStores |

    a: The OceanStor 2600 V3 video surveillance edition storage system does not support this role.

Figure 1-1 User roles and permission

Querying the Current User's Permission

You can perform the following operations to query the permission and scope of the current account.

Procedure

  1. Log in to DeviceManager.
  2. Choose Settings > Permission Settings > User Management.
  3. Query the current user's Level and Role in the middle pane and determine the user permission and scope according to Table 1-1, Table 1-2, Permission Matrix for Self-defined Roles (Applicable to V300R006C20 and Earlier Versions), and Permission Matrix for Self-defined Roles (Applicable to V300R006C30 and Later).
NOTE:
  • Super administrators can view the information about all users on the device.
  • Administrators or read-only users can only view their own information.

For example, in Figure 1-2, the role and level of the safe_admin_reader user are Security administrator and Read-only user, respectively. According to Table 1-1 and Table 1-2, the user has the permission to query the security rules, certificates, audits, KMC, antivirus function, data destruction function, and compliance clock. To modify the user level and role, see Managing User Levels and Customizing User Roles.

Figure 1-2 Information of the current user
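
The following is an added example, not part of the Huawei guide and not a DeviceManager interface: a simplified Python model of how a level (Table 1-1) and a role (Table 1-2) combine, used to answer the access-review question "which accounts can change this object?". The function names, the reduced role table, and the user records are assumptions constructed for illustration; user-defined roles and the per-level restrictions on the Administrator level (user management, upgrade, system time, restart, power-off) are not modelled.

```python
# Added example: simplified model of the level/role scheme described above.
# Role scopes are a subset of Table 1-2; the user records are constructed.

LEVEL_ACTIONS = {  # Table 1-1: the level decides operate vs. access-only
    "Super administrator": {"manage", "query"},
    "Administrator": {"manage", "query"},
    "Read-only user": {"query"},
}

ROLE_SCOPE = {  # Table 1-2: the role decides which objects are in scope
    "Super administrator": {"*"},  # all permissions over the system
    "Security administrator": {"security rules", "certificates", "audit",
                               "KMC", "compliance clocks"},
    "Network administrator": {"physical ports", "failover groups"},
    "SAN resource administrator": {"storage pools", "LUNs", "mapping views",
                                   "hosts", "ports"},
}

def is_allowed(level, role, action, obj):
    """True if the level grants the action and the role's scope covers obj."""
    if level not in LEVEL_ACTIONS or role not in ROLE_SCOPE:
        # Unknown or user-defined values are rejected rather than guessed at.
        raise ValueError(f"unknown level or role: {level!r} / {role!r}")
    scope = ROLE_SCOPE[role]
    return action in LEVEL_ACTIONS[level] and ("*" in scope or obj in scope)

def who_can(users, action, obj):
    """Names of the accounts that may perform action on obj (access review)."""
    return sorted(u["name"] for u in users
                  if is_allowed(u["level"], u["role"], action, obj))

# Constructed sample accounts; safe_admin_reader mirrors the example above.
USERS = [
    {"name": "admin", "level": "Super administrator",
     "role": "Super administrator"},
    {"name": "safe_admin_reader", "level": "Read-only user",
     "role": "Security administrator"},
    {"name": "sec_ops", "level": "Administrator",
     "role": "Security administrator"},
    {"name": "san_ops", "level": "Administrator",
     "role": "SAN resource administrator"},
]

if __name__ == "__main__":
    for obj in ("audit", "LUNs"):
        print(obj, "manage:", who_can(USERS, "manage", obj))
        print(obj, "query: ", who_can(USERS, "query", obj))
```

In this model safe_admin_reader appears in the query list for security objects but never in a manage list, which matches the reading of Figure 1-2 given above.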

Updated: 2019-07-12

Document ID: EDOC1000138854
