Modifying user groups

You can modify existing user groups that are used to organize users of the SAN Volume Controller cluster by role. Administrators can change properties of user groups by using the Modifying User Groups panel in the SAN Volume Controller Console

You must have the Security Administrator role to create, delete, or change a user group.

This task assumes that you have already launched the SAN Volume Controller Console. To change the properties of a user group, complete the following steps:

  1. In the portfolio, click Manage Authentication > User Groups . The Viewing User Groups panel is displayed.
  2. Select the user group that you want to change and select Modify a Group from the task list. Click Go. The Modifying User Group panel is displayed.
  3. Select the role that all users adopt when they are added to this user group. The following roles can be selected:
    Monitor
    Select this role if you want the user to access all viewing actions available with the SAN Volume Controller Console. This user cannot perform any actions that change the state of the cluster or the resources that the cluster manages. The user can access all the information-related panels and commands, back up configuration data, change his or her password, and issue the following commands: finderr, dumperrlog, dumpinterallog, and chcurrentuser.
    Copy Operator
    Select this role if you want the user to manage all existing FlashCopy®, Metro Mirror, and Global Mirror relationships. They can also create and delete FlashCopy mappings, FlashCopy consistency groups, Metro Mirror or Global Mirror relationships, and Metro Mirror and Global Mirror consistency groups. In addition, the user can access all the functions available to the Monitor role.
    Service
    Select this role if you want the user to view the View Clusters panel, launch the SAN Volume Controller Console, and view the progress of actions on clusters with the View Progress panel, begin disk discovery process, and discover and include disks. The user can access the following commands: applysoftware, setlocale, addnode, rmnode, cherrstate, setevent, writesernum, detectmdisk, and includemdisk. A user with this role can also access all the functions available to the Monitor role.
    Administrator
    Select this role if you want the user to access all functions on the SAN Volume Controller Console and issue any command-line interface (CLI) command, except those that deal with managing users, user groups, and authentication.
    Security Administrator
    Select this role if you want the user to access all functions on the SAN Volume Controller Console and issue any CLI command. Users with this role can also manage users, user groups, and manage user authentication.
  4. Select Enable this user group to be visible to a remote authentication service if you want the user group to match the access that is defined in user groups on a remote authentication service. Security administrators can control what user groups can match the access of user groups on the remote authentication service. When SAN Volume Controller Console authenticates a remote user, it requests a list of groups that the user belongs to from the remote authentication service. The system then assigns a role to the remote user based on whether there is an existing user group on the SAN Volume Controller with the same name and if that user group allows remote visibility. When these criteria are met, the SAN Volume Controller assigns the role based on the user group role specification. If the user is a member of multiple groups that match multiple roles, the user is given the most powerful role. In the case where a user has a combination of Copy Operator and Service roles, the SAN Volume Controller assigns both roles to the user.
  5. Click OK.
Parent topic: User groups
Library | Support | Terms of use | Feedback
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.