Dell PowerStore 1000T EMC PowerStore Security Configuration Guide - Page 10

User account management based on role privileges

Get Dell PowerStore 1000T PDF manuals and user guides View all Dell PowerStore 1000T manuals
Add to My Manuals
Save this manual to your list of manuals

Page 10 highlights

Task Operator Add a file virus checker, or modify or delete a specified file virus checker, or upload a specified file virus checker configuration Download a specified file virus checker configuration Add an SMB or NFS server, or modify, delete, join or unjoin a specified SMB or NFS server Add an SMB share, or modify or delete a specified SMB share Add an NFS export, or modify or delete a specified NFS export Add a file interface, or modify or delete a specified file interface Add a file interface route, or modify or delete a specified file interface route Add a file DNS, file FTP, file Kerberos, file LDAP, file NDMP, or file NIS server, or modify or delete a specified file DNS, file FTP, file Kerberos, file LDAP, file NDMP, or file NIS server Upload a file Kerberos keytab Download a file Kerberos keytab Upload a file LDAP configuration or LDAP certificate Download of a file LDAP certificate VM Administrator Security Administrator Storage Administrator Administrator User account management based on role privileges A user with either an Administrator or Security Administrator role can do the following with regards to user account management: • Create a new user account. • Delete any user account except the built-in Administrator account. NOTE: The built-in Administrator account cannot be deleted. • Change another user to any role. • Reset another user's password. • Lock or unlock another user account. NOTE: Logged-in users with either an Administrator or Security Administrator role cannot lock their own account. Logged-in users cannot delete their own user account. Also, with the exception of users with either the Security Administrator or Administrator role, Logged-in users can only change their own password. Users must provide their old password to change their password. Logged-in users cannot reset their own password, change their own role, or lock or unlock their own accounts. The built-in Administrator account profile (with Administrator role) cannot be edited and cannot be locked. When either a user's role or lock status is changed, the user is deleted, or its password is changed by a Security Administrator or an Administrator, all sessions tied to that user are invalidated. 10 Authentication and access

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
Task
Operator
VM
Administrator
Security
Administrator
Storage
Administrator
Administrator
Add a file virus checker, or modify
or delete a specified file virus
checker, or upload a specified file
virus checker configuration
Download a specified file virus
checker configuration
Add an SMB or NFS server, or
modify, delete, join or unjoin a
specified SMB or NFS server
Add an SMB share, or modify or
delete a specified SMB share
Add an NFS export, or modify or
delete a specified NFS export
Add a file interface, or modify or
delete a specified file interface
Add a file interface route, or modify
or delete a specified file interface
route
Add a file DNS, file FTP, file
Kerberos, file LDAP, file NDMP, or
file NIS server, or modify or delete a
specified file DNS, file FTP, file
Kerberos, file LDAP, file NDMP, or
file NIS server
Upload a file Kerberos keytab
Download a file Kerberos keytab
Upload a file LDAP configuration or
LDAP certificate
Download of a file LDAP certificate
User account management based on role privileges
A user with either an Administrator or Security Administrator role can do the following with regards to user account management:
Create a new user account.
Delete any user account except the built-in Administrator account.
NOTE:
The built-in Administrator account cannot be deleted.
Change another user to any role.
Reset another user's password.
Lock or unlock another user account.
NOTE:
Logged-in users with either an Administrator or Security Administrator role cannot lock their own account.
Logged-in users cannot delete their own user account. Also, with the exception of users with either the Security Administrator or
Administrator role, Logged-in users can only change their own password. Users must provide their old password to change their password.
Logged-in users cannot reset their own password, change their own role, or lock or unlock their own accounts.
The built-in Administrator account profile (with Administrator role) cannot be edited and cannot be locked.
When either a user's role or lock status is changed, the user is deleted, or its password is changed by a Security Administrator or an
Administrator, all sessions tied to that user are invalidated.
10
Authentication and access