Dell EqualLogic PS6210XS EqualLogic Group Manager Administrator s Guide PS Ser - Page 55
Differences Between Authentication Methods, Account Type, Description
View all Dell EqualLogic PS6210XS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 55 highlights
Account Type Volume administrator Description Volume administrators are (optionally) assigned a quota of storage to manage within one or more pools. They can create and manage volumes within their quota, and can perform all operations on volumes they own. Volume administrators cannot exceed their quotas by creating or modifying volumes, and cannot be assigned volumes by group or pool administrators if the capacity of the volume exceeds the free space within the quota. Volume administrators cannot modify their quotas, reassign volumes to other administrators, or change the pools or replication partners to which they have access. Volume administrators can change volumes to which they have access. Volume administrators can manage access policies and access policy groups for the volumes under their control. Volume administrators can view information only for pools and volumes to which they have access. For security purposes, the volume administrator has a limited view of group and pool configuration settings, and cannot view information, such as the SNMP community name or event log, that might enable them to gain additional access. Volume administrators also cannot view NAS clusters. Group and pool administrators can assign existing volumes to a volume administrator. If a volume is assigned to another administrator account, the volume administrator can no longer view or modify it. Administrator accounts have the following additional restrictions: • You cannot change the name of an administration account. Instead, you must delete the account and then recreate it with the new name. • Only group administrator accounts can modify the pools for a pool administrator; the volume assignments, pools, quotas, or replication partners for a volume administrator; or enable or disable any account. • Only a group administrator can modify the attributes of another group administrator account (including changing it to a read-only account), with the exceptions noted above for the default grpadmin account. • You cannot apply read-only permission to a volume administrator or pool administrator account. Only group administrator accounts can set or remove the read-only flag. • A pool administrator can see all volumes in their pools. The pool administrator can unassign any volume in their pools. However, the pool administrator cannot change any volume administrator's pool access privileges or storage quotas. • An existing account (for example, a group administrator) cannot change its type (for example, to volume administrator or pool administrator). If you need to change the privileges on an account, delete the existing account and create a new one of the desired type. Any account can modify the following attributes of its own account: • Contact name • Description • Email address • Mobile number • Phone number • Password NOTE: Active Directory accounts cannot modify their passwords through Group Manager. Differences Between Authentication Methods Depending on the size of your environment, the form of authorization that you choose for administrator accounts can have advantages or disadvantages. Table 14. Differences Between Authentication Methods compares various approaches. About Group-Level Security 55