- Notes, cautions, and warnings
- Introduction to this guide
- PowerScale scale-out NAS
- General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
- Licensing
- Certificates
- Cluster identity
- Cluster date and time
- SMTP email settings
- Configuring the cluster join mode
- File system settings
- Security hardening
- Cluster monitoring
- Monitoring cluster hardware
- Events and alerts
- Cluster maintenance
- SRS Summary
- Access zones
- Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- NIS
- Kerberos authentication
- File provider
- Local provider
- Multi-factor Authentication (MFA)
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
- Managing LDAP providers
- Managing NIS providers
- Managing MIT Kerberos authentication
- Managing file providers
- Managing local users and groups
- Administrative roles and privileges
- Identity management
- Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH and FTP
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
- Data access control
- File sharing
- File sharing overview
- SMB security
- SMB shares in access zones
- SMB Multichannel
- SMB share management through MMC
- SMBv3 encryption
- SMB server-side copy
- SMB continuous availability
- SMB file filtering
- Symbolic links and SMB clients
- Anonymous access to SMB shares
- Managing SMB settings
- Managing SMB shares
- Create an SMB share
- Modify SMB share permissions, performance, or security
- Delete an SMB share
- Limit access to /ifs share for the Everyone account
- Configure anonymous access to a single SMB share
- Configure anonymous access to all SMB shares in an access zone
- Add a user or group to an SMB share
- Configure multi-protocol home directory access
- NFS security
- FTP
- HTTP and HTTPS security
- File filtering
- Auditing
- Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
- Managing snapshots
- Restoring snapshot data
- Managing snapshot schedules
- Managing snapshot aliases
- Managing with snapshot locks
- Configure SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
- Deduplication with SmartDedupe
- Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
- Replication snapshots
- Data failover and failback with SyncIQ
- Recovery times and objectives for SyncIQ
- Replication policy priority
- SyncIQ license functionality
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
- Managing replication to remote clusters
- Initiating data failover and failback with SyncIQ
- Performing disaster recovery for older SmartLock directories
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs
- Data Encryption with SyncIQ
- Data layout with FlexProtect
- Large file size support
- NDMP backup and recovery
- NDMP backup and recovery overview
- NDMP two-way backup
- NDMP three-way backup
- Support for NDMP sessions on Generation 6 hardware
- Setting preferred IPs for NDMP three-way operations
- NDMP multi-stream backup and recovery
- Snapshot-based incremental backups
- NDMP backup and restore of SmartLink files
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
- Managing NDMP user accounts
- NDMP environment variables overview
- Managing NDMP contexts
- Managing NDMP sessions
- Managing NDMP Fibre Channel ports
- Managing NDMP preferred IP settings
- Managing NDMP backup devices
- NDMP dumpdates file overview
- NDMP restore operations
- Sharing tape drives between clusters
- Managing snapshot based incremental backups
- Managing cluster performance for NDMP sessions
- Managing CPU usage for NDMP sessions
- File retention with SmartLock
- SmartLock overview
- Compliance mode
- Enterprise mode
- SmartLock directories
- Replication and backup with SmartLock
- SmartLock license functionality
- SmartLock considerations
- Set the compliance clock
- View the compliance clock
- Creating a SmartLock directory
- Managing SmartLock directories
- Managing files in SmartLock directories
- Set a retention period through a UNIX command line
- Set a retention period through Windows Powershell
- Commit a file to a WORM state through a UNIX command line
- Commit a file to a WORM state through Windows Explorer
- Override the retention period for all files in a SmartLock directory
- Delete a file committed to a WORM state
- View WORM status of a file
- Protection domains
- Data-at-rest-encryption
- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypting drives
- Data migrations and upgrades to a cluster with self-encrypting drives
- Enabling external key management
- Migrate nodes and SEDs to external key management
- Chassis and drive states
- Smartfailed drive REPLACE state
- Smartfailed drive ERASE state
- S3 Support
- SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk-usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
- Managing quotas
- Managing quota notifications
- Email quota notification messages
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
- Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
- Virtual hot spare
- Spillover
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
- Tiers
- File pool policies
- Managing node pools in the web administration interface
- Managing L3 cache from the web administration interface
- Managing tiers
- Creating file pool policies
- Managing file pool policies
- Configure default file pool protection settings
- Default file pool requested protection settings
- Configure default I/O optimization settings
- Default file pool I/O optimization settings
- Modify a file pool policy
- Prioritize a file pool policy
- Create a file pool policy from a template
- Delete a file pool policy
- Monitoring storage pools
- Pool-based tree reporting in FSAnalyze (FSA)
- System jobs
- Networking
- Networking overview
- About the internal network
- About the external network
- Configuring the internal network
- Managing groupnets
- Managing external network subnets
- Managing IP address pools
- Managing SmartConnect Settings
- Managing network interface members
- Managing node provisioning rules
- Managing routing options
- Managing DNS cache settings
- Managing TCP ports
- NFS3oRDMA
- Partitioned Performance Monitoring
- Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Add and connect to a CAVA server
- List or view CAVA servers
- Modify CAVA connection settings
- Disable connection to a CAVA server
- Delete connection to a CAVA server
- Add a job to a CAVA server
- View an IP pool in a CAVA server
- Create an Active Directory authentication provider for the AvVendor access zone
- Update the role in the access zone
- Scan CloudPool files in a CAVA server
- Create an antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
- File System Explorer
PowerScale OneFS Web Administration Guide
Configuration privileges
The configuration privileges that are listed in the following tables either allow the user to perform specific actions or grant no permission, read, execute, or write access to an area of administration on the cluster.
When working with privileges:
Permission types are:
- Grant the parent or top-level privilege before granting subprivileges. Subprivileges initially inherit their properties and permission type from their parent or top-level privileges.
- You can explicitly add subprivileges with less permission than the parent privilege.
- You can change the permission type as appropriate for your requirements.
- No permission (-)
- Read (r)
- Execute (x)
- Write (w)
The following table lists and describes the feature-level (parent) privileges. Feature-level privileges have a parent ID of ISI_PRIV_ZERO and are marked with *. Tables listing the subprivileges for each top-level privilege follow. The permission listed for each privilege is the highest permission allowed.
| Privilege | Description | Permission | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ISI_PRIV_ANTIVIRUS | Configure anti-virus scanning. | Write | ||||||||||
| ISI_PRIV_AUDIT | Configure audit capabilities. | Write | ||||||||||
| ISI_PRIV_CERTIFICATE | Configure cluster TLS certificates. | Write | ||||||||||
| * ISI_PRIV_CLOUDPOOLS | Configure CloudPools. | Write | ||||||||||
| ISI_PRIV_CLUSTER | Configure cluster identity and general settings. | Write | ||||||||||
| ISI_PRIV_CLUSTER_MODE | Set the cluster mode. | Write | ||||||||||
| ISI_PRIV_CONFIGURATION | Configure import/export settings. | Write | ||||||||||
| ISI_PRIV_DEVICES | Create roles and assign privileges. | Write | ||||||||||
| ISI_PRIV_EVENT | View and modify system events. | Write | ||||||||||
| * ISI_PRIV_FILE_FILTER | Configure file filtering settings. | Write | ||||||||||
| ISI_PRIV_FTP | Configure FTP server. | Write | ||||||||||
| ISI_PRIV_GET_SET | View and set per-file OneFS metadata. | Write | ||||||||||
| ISI_PRIV_HARDENING | Harden cluster security profile. | Write | ||||||||||
| * ISI_PRIV_HDFS | Configure HDFS server. | Write | ||||||||||
| ISI_PRIV_HTTP | Configure HTTP server. | Write | ||||||||||
| ISI_PRIV_IPMI | Configure remote IPMI management settings. | Write | ||||||||||
| ISI_PRIV_JOB_ENGINE | Schedule cluster-wide jobs. | Write | ||||||||||
| ISI_PRIV_KEY_MANAGER | Configure key management settings. | Write | ||||||||||
| ISI_PRIV_LICENSE | Activate OneFS software licenses. | Write | ||||||||||
| ISI_PRIV_MONITORING | Register applications monitoring the cluster. | Write | ||||||||||
| ISI_PRIV_NDMP | Configure NDMP server. | Write | ||||||||||
| ISI_PRIV_NETWORK | Configure network interfaces. | Write | ||||||||||
| *ISI_PRIV_NFS | Configure the NFS server. | Write | ||||||||||
| ISI_PRIV_NTP | Configure NTP. | Write | ||||||||||
| ISI_PRIV_PAPI_CONFIG | Configure the platform API and WebUI. | Write | ||||||||||
| ISI_PRIV_PERFORMANCE | Configure performance resource accounting. | Write | ||||||||||
| * ISI_PRIV_QUOTA | Monitor and enforce administrator-defined storage limits. | Write | ||||||||||
| ISI_PRIV_REMOTE_SUPPORT | Configure remote support. | Write | ||||||||||
| * ISI_PRIV_S3 | Configure the S3 server. | Write | ||||||||||
| * ISI_PRIV_SMARTPOOLS | Configure storage pools. | Write | ||||||||||
| * ISI_PRIV_SMB | Configure the SMB server. | Write | ||||||||||
| * ISI_PRIV_SNAPSHOT | Schedule, take, and view snapshots. | Write | ||||||||||
| ISI_PRIV_SNMP | Configure SNMP server. | Write | ||||||||||
| ISI_PRIV_STATISTICS | View file system performance statistics. | Write | ||||||||||
| ISI_PRIV_SWIFT | Configure Swift. | Write | ||||||||||
| * ISI_PRIV_SYNCIQ | Configure SyncIQ. | Write | ||||||||||
| ISI_PRIV_VCENTER | Configure VMware for vCenter. | Write | ||||||||||
| ISI_PRIV_WORM | Configure SmartLock directories. | Write | ||||||||||
Subprivilege tables
The following tables list and describe the subprivileges for feature-level (ISI_PRIV_ZERO) privileges. Subprivileges inherit their privileges from their parent privilege. Some of these subprivileges also have subprivileges and are marked with *. The permission listed for each subprivilege is the highest permission allowed. Subprivilege permissions cannot be higher than their parent privilege permissions.
| Subprivilege | Description | Permission |
|---|---|---|
| ISI_PRIV_CLOUDPOOLS_ACCOUNTS | Configure cloud storage account information and settings. | Write |
| ISI_PRIV_CLOUDPOOLS_CERTIFICATES | Configure cloud storage account certificates. | Write |
| ISI_PRIV_CLOUDPOOLS_POOLS | Configure cloud pools based on cloud accounts. | Write |
| ISI_PRIV_CLOUDPOOLS_PROXIES | Configure proxies for cloud storage access. | Write |
| ISI_PRIV_CLOUDPOOLS_SETTINGS | Configure cloud storage settings. | Write |
| Subprivilege | Description | Permission |
|---|---|---|
| ISI_PRIV_FILE_FILTER_SETTINGS | Configure the file filtering service and filter settings. | Write |
| Subprivilege | Description | Permission | |
|---|---|---|---|
| ISI_PRIV_HDFS_PROXYUSERS | Configure the HDFS proxy users and members. | Write | |
| ISI_PRIV_HDFS_RACKS | Configure the HDFS virtual rack settings. | Write | |
| ISI_PRIV_HDFS_RANGERPLUGIN_SETTINGS | Configure the Ranger plug-in settings. | Write | |
| * ISI_PRIV_HDFS_SETTINGS | Configure the HDFS Service, protocol, and Ambari server settings. | Write | |
| ISI_PRIV_HDFS_FSIMAGE_JOB_SETTINGS | Configure the HDFS FSImage job settings. | Write | |
| ISI_PRIV_HDFS_FSIMAGE_SETTINGS | Configure the HDFS FSImage service settings. | Write | |
| ISI_PRIV_HDFS_INOTIFY_SETTINGS | Configure the HDFS Inotify service settings. | Write | |
| Subprivilege | Description | Permission | |
|---|---|---|---|
| ISI_PRIV_NFS_ALIASES | Configure aliases for export directory names. | Write | |
| ISI_PRIV_NFS_EXPORTS | Configure NFS exports and permissions. | Write | |
| * ISI_PRIV_NFS_SETTINGS | Configure NFS exports and related settings. | Write | |
| ISI_PRIV_NFS_SETTINGS_EXPORT | Configure NFS export and user mapping settings. | Write | |
| ISI_PRIV_NFS_SETTINGS_GLOBAL | Configure NFS global and service settings. | Write | |
| ISI_PRIV_NFS_SETTINGS_ZONE | Configure NFS zone-related settings. | Write | |
| Subprivilege | Description | Permission | |
|---|---|---|---|
| *ISI_PRIV_QUOTA_QUOTAMANAGEMENT | Configure quotas to manage, track, and limit storage of an entity or directory. | Write | |
| ISI_PRIV_QUOTA_QUOTAMANAGEMENT_
EFFICIENCYRATIO |
Configure the ratio of logical space to physical space used. | Write | |
| ISI_PRIV_QUOTA_QUOTAMANAGEMENT_
REDUCTIONRATIO |
Configure the ratio of logical space to physical space post data reduction. | Write | |
| ISI_PRIV_QUOTA_QUOTAMANAGEMENT_
THRESHOLDSON |
Set the threshold size type on which to enforce quota limits. | Write | |
| ISI_PRIV_QUOTA_QUOTAMANAGEMENT_
USAGE_FSPHYSICAL |
Configure the file system physical usage size. | Write | |
| ISI_PRIV_QUOTA_REPORTS | Enable managing, running, and viewing quota reports. | Write | |
| *ISI_PRIV_QUOTA_SETTINGS | Manage quota reporting and notification settings. | Write | |
| ISI_PRIV_QUOTA_SETTINGS_MAPPINGS | Configure quota email mapping settings. | Write | |
| ISI_PRIV_QUOTA_SETTINGS_NOTIFICATIONS | Configure quota notification rule and schedule settings. | Write | |
| ISI_PRIV_QUOTA_SETTINGS_REPORTS | Configure scheduled and manual reporting settings. | Write | |
| ISI_PRIV_QUOTA_SUMMARY | Configure quota-based counts and statistics. | Write | |
| Subprivilege | Description | Permission | |
|---|---|---|---|
| ISI_PRIV_S3_BUCKETS | Configure S3 buckets and ACL. | Write | |
| ISI_PRIV_S3_MYKEYS | Configure S3 key management. | Write | |
| * ISI_PRIV_S3_SETTINGS | Configure S3 global and zone settings. | Write | |
| ISI_PRIV_S3_SETTINGS_GLOBAL | Configure S3 global and service settings. | Write | |
| ISI_PRIV_S3_SETTINGS_ZONE | Configure S3 zone-related settings. | Write | |
| Subprivilege | Description | Permission | ||
|---|---|---|---|---|
| ISI_PRIV_SMARTPOOLS_FILEPOOL_DEFAULT_
POLICY |
Configure the default filepool policy. | Write | ||
| ISI_PRIV_SMARTPOOLS_FILEPOOL_POLICIES | Define filepools based on files and actions. | Write | ||
| ISI_PRIV_SMARTPOOLS_FILEPOOL_
TEMPLATES |
Define preconfigured templates for typical work flows. | Write | ||
| ISI_PRIV_SMARTPOOLS_STATUS | View and manage status of storage pools. | Write | ||
| *ISI_PRIV_SMARTPOOLS_STORAGEPOOL | Configure and view storage pools. | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
NODEPOOLS |
Pool of storage from group of nodes | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
NODETYPES |
Cluster node type. | Write | ||
| *ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
POOLDETAILS |
Storage pools details and usage. | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
POOLDETAILS_USAGE |
Usage details of storage pool. | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
SETTINGS |
Storage and action settings for Smartpools. | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
TIERS |
Storage tiering. | Write | ||
| ISI_PRIV_SMARTPOOLS_STORAGEPOOL_
UNPROVISIONED |
Unprovisioned drives and LNNs. | Write | ||
| Subprivilege | Description | Permission | |
|---|---|---|---|
| ISI_PRIV_SMB_SESSIONS | Active SMB sessions. | Write | |
| * ISI_PRIV_SMB_SETTINGS | View and manage SMB service settings. | Write | |
| ISI_PRIV_SMB_SETTINGS_GLOBAL | Configure SMB global and service settings. | Write | |
| ISI_PRIV_SMB_SETTINGS_SHARE | Configure SMB filter and share settings. | Write | |
| ISI_PRIV_SMB_SHARES | Manage SMB shares and permissions. | Write | |
| Subprivilege | Description | Permission | |
|---|---|---|---|
| ISI_PRIV_SNAPSHOT_ALIAS | Configure snapshot aliases. | Write | |
| ISI_PRIV_SNAPSHOT_PENDING | Upcoming snapshot based on schedules. | Write | |
| ISI_PRIV_SNAPSHOT_RESTORE | Restoring directory to a particular snapshot. | Write | |
| ISI_PRIV_SNAPSHOT_SCHEDULES | Scheduling for periodic snapshots. | Write | |
| ISI_PRIV_SNAPSHOT_SETTING | Service and access settings. | Write | |
| * ISI_PRIV_SNAPSHOT_SNAPSHOTMANAGEMENT | Manual snapshots and locks. | Write | |
| ISI_PRIV_SNAPSHOT_LOCKS | Locking of snapshots from deletion. | Write | |
| ISI_PRIV_SNAPSHOT_SUMMARY | Snapshot summary and usage details. | Write | |
| Subprivilege | Description | Permission | ||
|---|---|---|---|---|
| ISI_PRIV_SYNCIQ_CERTIFICATES_SERVER | Manage server certificates for secure replication. | Write | ||
| ISI_PRIV_SYNCIQ_CERTIFICATES_TARGET | Manage target cluster certificates. | Write | ||
| ISI_PRIV_SYNCIQ_JOBS | Manage ongoing data replication jobs. | Write | ||
| * ISI_PRIV_SYNCIQ_POLICIES | Configure policies and scheduling for data replication between clusters. | Write | ||
| ISI_PRIV_SYNCIQ_POLICY_SOURCENETWORK | Configure the network of the replication source cluster. | Write | ||
| ISI_PRIV_SYNCIQ_REPORTS | Manage SyncIQ policy and job reports. | Write | ||
| ISI_PRIV_SYNCIQ_RULES | Configure SyncIQ performance rule limits and schedules. | Write | ||
| * ISI_PRIV_SYNCIQ_SETTINGS | Configure SyncIQ service, policy and report settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_SERVICE | Configure the SyncIQ service settings. | Write | ||
| * ISI_PRIV_SYNCIQ_SETTINGS_REPORT_
SETTINGS |
SyncIQ report settings | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_REPORT_
SETTINGS_REPORT_MAX_AGE |
Configure the SyncIQ report maximum age settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_REPORT_
SETTINGS_REPORT_MAX_ COUNT |
Configure the SyncIQ maximum report count settings. | Write | ||
| * ISI_PRIV_SYNCIQ_SETTINGS_GLOBAL_SETTINGS | Configure the SyncIQ global settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_GLOBAL_
SETTINGS_CLUSTER_ CERTIFICATE_ID |
Configure the SyncIQ cluster certificate for global settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_GLOBAL_
SETTINGS_ENCRYPTION_ REQUIRED |
Configure the global SyncIQ encryption settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_GLOBAL_
SETTINGS_PREFERRED_ RPO_ALERT |
Configure the global SyncIQ preferred RPO alert settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_GLOBAL_
SETTINGS_RPO_ALERTS |
Configure the global SyncIQ RPO alert settings. | Write | ||
| * ISI_PRIV_SYNCIQ_SETTINGS_DEFAULT_
POLICY_SETTINGS |
Configure the default SyncIQ policy settings. | Write | ||
| ISI_PRIV_SYNCIQ_SETTINGS_DEFAULT_
POLICY_SETTINGS_RESTRICT_TARGET_ NETWORK |
Configure the default SyncIQ policy for restricted targets network settings. | Write | ||
| ISI_PRIV_SYNCIQ_TARGET_POLICIES | Manage the SyncIQ target policies for the cluster . | Write | ||
| ISI_PRIV_SYNCIQ_TARGET_REPORTS | Manage the SyncIQ target reports and details. | Write | ||
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\