- Notes, cautions, and warnings
- Overview of Unisphere
- Functionality supported by each OS type
- Capacity information
- Understanding resource usage
- Login authentication
- Understanding the system health score
- Manage jobs
- Unisphere for PowerMax alert monitoring recommendations
- Alerts
- Server alerts
- Understanding licenses
- Understanding user authorization
- Individual and group roles
- Roles
- User IDs
- Roles and associated permissions
- Roles for performing local and remote replication actions
- RBAC roles for SRDF local and remote replication actions
- RBAC roles for TimeFinder SnapVX local and remote replication actions
- Storage Management
- Understanding storage groups
- Understanding data reduction
- Understanding service levels
- Performance Impact
- Understanding storage templates
- Understanding Storage Resource Pools
- Understanding volumes
- Understanding disk groups
- Host Management
- Understanding hosts
- Understanding masking views
- Understanding port groups
- Understanding initiators
- Understanding PowerPath hosts
- Understanding mainframe management
- Data protection management
- Understanding Snapshot policy
- Understanding SRDF/Metro Smart DR
- Manage remote replication sessions
- Understanding SRDF groups
- Understanding migration
- Understanding Virtual Witness
- Understanding Open Replicator
- Open Replicator session options
- Understanding device groups
- Understanding TimeFinder/Mirror sessions
- Understanding TimeFinder SnapVX
- Understanding Performance Management
- Understanding Unisphere support for VMware
- Understanding eNAS
- Understanding iSCSI
- Understanding NVMe/TCP
- Understanding PowerMax File for storage systems
- Understanding serviceability
- Understanding PowerMax software system profiles and compliance
- Unisphere for PowerMax localized for Japanese market
- Where to get help
Dell Unisphere for PowerMax 10.0.1 Product Guide
Roles and associated permissions
Users gain access to a storage system or component directly through a role assignment or indirectly through membership in a user group that has a role assignment.
The Role Based Access Control (RBAC) feature provides a method for restricting the management operations that individual users or groups of users may perform on storage systems.
The following diagram outlines the role hierarchy.
Roles are assigned as part of the user creation process.
The following tables detail the permissions that are associated with each role in Unisphere.
NOTE: The Unisphere Initial Setup User has all permissions on a storage system until an Administrator or SecurityAdmin is added to the storage system.
The roles (and the acronyms that are used for the roles) in these tables are:
- None—Provides no permissions.
- Monitor (MO)—Performs read-only (passive) operations on a storage system excluding the ability to read the audit log or access control definitions.
- StorageAdmin (SA)—Performs all management (active or control) operations on a storage system and modifies GNS group definitions in addition to all Monitor operations.
- Admininstrator (AD)—Performs all operations on a storage system, including security operations, in addition to all StorageAdmin and Monitor operations.
- SecurityAdmin (SecA)—Performs security operations on a storage system, in addition to all Monitor operations.
- Auditor (AUD)—Grants the ability to view, but not modify, security settings for a storage system(including reading the audit log, symacly list, and symauth) in addition to all Monitor operations. It is the minimum role that is required to view the storage system audit log.
- Performance Monitor (PM)—Includes Monitor role permissions and grants additional privileges within the performance component of the Unisphere application to set up various alerts and update thresholds to monitor storage system performance.
- Local Replication—Performs local replication operations (SnapVX or legacy Snapshot, Clone, BCV). To create Secure SnapVX snapshots a user must have Storage Admin rights at the storage system level. This role also automatically includes Monitor rights.
- Remote Replication—Performs remote replication (SRDF) operations involving devices and pairs. Users can create, operate upon or delete SRDF device pairs but cannot create, modify, or delete SRDF groups. This role also automatically includes Monitor rights.
- Device Management—Grants user rights to perform control and configuration operations on devices.
NOTE: Storage Admin rights are required to create, expand, or delete devices.This role also automatically includes Monitor rights.
NOTE: The RBAC roles for performing local and local and remote replication actions are outlined in
Roles for performing local and remote replication actions.
NOTE: The RBAC roles for SRDF local and remote replication actions are outlined in
RBAC roles for SRDF local and remote replication actions.
NOTE: The RBAC roles for TimeFinder SnapVX local and remote replication actions are outlined in
RBAC roles for TimeFinder SnapVX local and remote replication actions.
| Permissions | AD | SA | MO | SecA | AUD | None | PM |
|---|---|---|---|---|---|---|---|
| Create/delete user accounts | Yes | No | No | Yes | No | No | No |
| Reset user password | Yes | No | No | Yes | No | No | No |
| Create roles | Yes | Yes | No | Yes (self-excluded) | No | No | No |
| Change own password | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Manage storage systems | Yes | Yes | No | No | No | No | No |
| Discover storage systems | Yes | No | No | Yes | No | No | No |
| Add/show license keys | Yes | Yes | No | No | No | No | No |
| Set alerts and Optimizer monitoring options | Yes | Yes | No | No | No | No | No |
| Release storage system locks | Yes | Yes | No | No | No | No | No |
| Set Access Controls | Yes | Yes | No | No | No | No | No |
| Set replication and reservation preferences | Yes | Yes | No | No | No | No | No |
| View and export the storage system audit log | Yes | No | No | Yes | Yes | No | No |
| Access performance data | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Start data traces | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Set performance thresholds/alerts | Yes | Yes | No | No | No | No | Yes |
| Create and manage performance dashboards | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Permissions | |||
|---|---|---|---|
| Local Replication | Remote Replication | Device Management | |
| Create/delete user accounts | No | No | No |
| Reset user password | No | No | No |
| Create roles | No | No | No |
| Change own password | Yes | Yes | Yes |
| Manage storage systems | No | No | No |
| Discover storage systems | No | No | No |
| Add/show license keys | No | No | No |
| Set alerts and Optimizer monitoring options | No | No | No |
| Release storage system locks | No | No | No |
| Set Access Controls | No | No | No |
| Set replication and reservation preferences | No | No | No |
| View the storage system audit log | No | No | No |
| Access performance data | Yes | Yes | Yes |
| Start data traces | Yes | Yes | Yes |
| Set performance thresholds/alerts | No | No | No |
| Create and manage performance dashboards | Yes | Yes | Yes |
| Perform control and configuration operations on devices | No | No | Yes |
| Create, expand, or delete devices | No | No | No |
| Perform local replication operations (SnapVX, legacy Snapshot, Clone, BCV) | Yes | No | No |
| Create Secure SnapVX snapshots | No | No | No |
| Create, operate upon, or delete SRDF device pairs | No | Yes | No |
| Create, modify, or delete SRDF groups | No | No | No |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\