The RBAC (role-based access control) capabilities enforced on the storage array include pre-defined user profiles with one or more roles mapped to them. Each role includes permissions for accessing tasks in
ThinkSystem System Manager
.
User profiles and mapped roles are accessible from
in the user interface of either
System Manager
.
The roles provide user access to tasks, as follows:
- Storage admin – Full read/write access to the storage objects (for example, volumes
and disk pools), but no access to the security configuration.
- Security admin – Access to the security configuration in Access Management, certificate
management, audit log management, and the ability to turn the legacy
management interface (SYMbol) on or off.
- Support admin – Access to all hardware resources on the storage array, failure
data, MEL events, and controller firmware upgrades. No access to storage
objects or the security configuration.
- Monitor – Read-only
access to all storage objects, but no access to the security configuration.
If a user does not have permissions for a certain task, that task is either grayed out or does not display in the user interface.