Dell EqualLogic PS6210E EqualLogic Group Manager Administrator s Guide PS Seri - Page 64
Account Type, Description
View all Dell EqualLogic PS6210E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 64 highlights
Account Type Pool administrator Description Can view the volumes, members, snapshots, and other objects only in the pool or pools for which the account has authorization. They cannot manage members. Optionally, pool administrators can view information about all group objects except NAS clusters. Pool administrators can assign volumes to volume administrators, provided that the pool administrator has access to the pool containing the volumes, and the volume administrator has sufficient free quota space. Pool administrators cannot change the resources to which they have access. Volume administrator Volume administrators are (optionally) assigned a quota of storage to manage within one or more pools. They can create and manage volumes within their quota, and can perform all operations on volumes they own. Volume administrators can also perform the following tasks: • change volumes to which they have access • manage access policies and access policy groups for the volumes under their control • view information only for pools and volumes to which they have access. For security purposes, the volume administrator has a limited view of group and pool configuration settings, and cannot view information, such as the SNMP community name or event log, that might enable them to gain additional access. Volume administrators also cannot view NAS clusters. • assign existing volumes to a volume administrator. If a volume is assigned to another administrator account, the volume administrator can no longer view or modify it. Volume administrators cannot exceed their quotas by creating or modifying volumes, and cannot be assigned volumes by group or pool administrators if the capacity of the volume exceeds the free space within the quota. Volume administrators cannot modify their quotas, reassign volumes to other administrators, or change the pools or replication partners to which they have access. Administrator accounts have the following additional restrictions: • You cannot change the name of an administration account. Instead, you must delete the account and then recreate it with the new name. • Accounts with group administrator privileges can modify the pools for a pool administrator; the volume assignments, pools, quotas, or replication partners for a volume administrator; or enable or disable any account. • Accounts with group administrator privileges can modify the attributes of another group administrator account (including changing it to a read-only account), with the exceptions noted above for the default grpadmin account. • You cannot apply read-only permission to a volume administrator or pool administrator account. Accounts with group administrator privileges can set or remove the read-only flag. • A pool administrator can see all volumes in their pools. The pool administrator can unassign any volume in their pools. However, the pool administrator cannot change any volume administrator's pool access privileges or storage quotas. • An existing account (for example, a group administrator) cannot change its type (for example, to volume administrator or pool administrator). If you need to change the privileges on an account, delete the existing account and create a new one of the desired type. Any account can modify the following attributes of its own account: • Contact name • Description • Email address • Mobile number • Phone number • Password NOTE: Active Directory accounts cannot modify their passwords through Group Manager. 64 About Group-Level Security