Modifying a user group

Introduction

Users with the Security Administrator role can organize users of the SAN Volume Controller cluster by role through user groups. Administrators can create role-based user groups where any users added to the group adopts the role that is assigned to that group. Roles apply to both local and remote users on the cluster and are based on the user group to which the user belongs. A local user can only belong to a single group; therefore, the role of a local user is defined by the single group that the user belongs to.

You must have the Security Administrator role to modify a user group.

Attributes

The following attributes are displayed:

Name

Displays the name of the user group.

Role

Displays the role that applies to all users within the group. The following values are possible:

Monitor

Users with the monitor role have access to all viewing actions available with the SAN Volume Controller Console. This user cannot perform any actions that change the state of the cluster or the resources that the cluster manages. The user can access all the information-related panels and commands, back up configuration data, change his or her password, and issue the following commands: finderr, dumperrlog, dumpinternallog, ping, and chcurrentuser.

Copy Operator

Users with the copy operator role can manage all existing FlashCopy, Metro Mirror, and Global Mirror relationships. They can also create and delete FlashCopy mappings, FlashCopy consistency groups, Metro Mirror or Global Mirror relationships, and Metro Mirror and Global Mirror consistency groups. In addition, the user can access all the functions available to the Monitor role.

Service

Users with the service role can view the View Clusters panel, launch the SAN Volume Controller Console, and view the progress of actions on clusters with the View Progress panel, begin disk discovery process, and discover and include disks. The user can access the following commands: applysoftware, setlocale, addnode, rmnode, cherrstate, setevent, writesernum, detectmdisk, and includemdisk. A user with this role can also access all the functions available to the Monitor role.

Administrator

Users with the administrator role can access all functions on the SAN Volume Controller Console and issue any command-line interface (CLI) command, except those that deal with managing users, user groups, and authentication.

Security Administrator

Users with the security administrator role can access all functions on the SAN Volume Controller Console and issue any CLI command. Users with this role can also manage users, user groups, and manage user authentication.

Members

Displays the number of users currently assigned to the selected user group.

Remote Visibility

Indicates whether this user group can be used during remote authentication. As part of configuring remote authentication, administrators can configure user groups on the cluster to match the authorization that is provided by the remote authentication service. For each group of users that is defined on the remote authentication service, you can create a corresponding SAN Volume Controller user group with the same name and the Remote Visibility option enabled. For example, if a group of users exist on the remote authentication service called sysadmins, then a corresponding group called sysadmins should be created on SAN Volume Controller cluster with the Administrator role and with remote visibility option enabled. If none of a user's groups on the remote authentication service match the SAN Volume Controller user groups then the user is not permitted to access the cluster. The following values are possible:

Yes

Indicates that this user group can be used during remote authentication.

No

Indicates that this user group cannot be used during remote authentication.

Fields

Actions

The following actions are available:

OK

Click this button to change the properties for the selected user group.

Cancel

Click this button to exit the panel without changing the selected user group.