No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Administrator Guide

OceanStor 2800 V5 V500R007

This document is applicable to OceanStor 2800 V5. Routine maintenance activities are the most common activities for the storage device, including powering on or off the storage device, managing users, modifying basic parameters of the storage device, and managing hardware components. This document is intended for the system administrators who are responsible for carrying out routine maintenance activities, monitoring the storage device, and rectifying common device faults.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
User Levels, Roles, and Permission

User Levels, Roles, and Permission

To prevent misoperations from compromising the storage system stability and service data security, the storage system defines user levels and roles to determine user permission and scope of permission. Before using this document, check the level and role of your account to know your permission.

Definition of User Levels and Roles

  • Level: determines whether a user has operation or access permission.

    The storage system defines three user levels, as described in Table 1-1.

    Table 1-1 User levels



    Super administrator

    A super administrator has full administrative permissions on the storage device, and is able to create users of all levels.


    An administrator has partial administrative permissions on the storage device but cannot manage users, upgrade the storage system, modify the system time, restart the device, or power off the device.

    Read-only user

    A read-only user has only the access permission on the storage device. After logging in to the storage device, read-only users can only query information about the storage device.


    The storage system supports a maximum of 32 system users, among which a maximum of two super administrators can be created.

  • Role: defines the scope of objects that can be operated or accessed by a user.

    The storage system provides both built-in and user-defined roles.

    • Built-in roles are preset in the storage system with certain permission. Table 1-2 describes the built-in roles in detail.
    • User-defined roles allow users to configure the scope of permission as required.
      Table 1-2 Built-in roles

      Built-in Role

      Function Group

      Scope of Permission

      Super administrator

      System group

      All permissions over the system


      System group

      All permissions except user management and security configuration

      Security administrator

      System group

      Permission for managing system security configurations, including security rules, certificates, audit, KMC, and compliance clocks

      Network administrator

      System group

      Permission for managing system network resources, including physical ports and failover groups

      SAN resource administrator

      System group

      Permission for managing SAN resources, including storage pools, LUNs, mapping views, hosts, and ports

      Data protection administrator

      System group

      Permission for managing data protection, including local data protection and remote data protection

      Backup administrator

      System group

      Permission for managing data backup, including local data and mapping views

Figure 1-1 User roles and permission

Querying the Current User's Permission

You can perform the following operations to query the permission and scope of the current account.


  1. Log in to DeviceManager.
  2. Choose Settings > Permission Settings > User Management.
  3. Query the current user's Level and Role in the middle pane and determine the user permission and scope according to Table 1-1 and Table 1-2.
  • Super administrators can view the information about all users on the device.
  • Administrators or read-only users can only view their own information.

For example, in Figure 1-2, the role and level of the safe_admin_reader user are Security administrator and Read-only user, respectively. According to Table 1-1 and Table 1-2, the user has the permission to query the security rules, certificates, audits, KMC, antivirus function, data destruction function, and compliance clock. To modify the user level and role, see Managing User Levels.

Figure 1-2 Information of the current user
Updated: 2019-07-11

Document ID: EDOC1000181576

Views: 18374

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next