Accounts
Existing Accounts and Passwords can be changed, disabled, or deleted.
Select the account to be changed from the account tree list (left side).
Click Delete Account, Disable Account, Change or Change Password to customize this account [Name, Time zone, Access Control Role policy, etc].
Authentication
Account Authentication [User Name and Password (will not be displayed)] are listed. If Local account authentication has been disabled, that will be indicated.
PKI Authentication
If PKI Authentication has been enabled, the DN (Distinguished Name) and Realm will be displayed.
Account icons:
Local Account
Active Directory Account
AD Group Account
Account Role
Access Key Authentication
Press Change to generate a new access key or to remove an existing key.
Roles (Access Control Groups)
Select the type of Roles permitted for this user or group. The following Administrative roles (Access Control Groups) are predefined.
| Role | Description | Permissions/Access |
|---|---|---|
| Super User | root | All Manager applications and devices. No access to user data. |
| System Administrator | Storage Admin | All Manager functions except the Security tab. No access to user data. |
| Security Officer | Security Admin | Security-only. Add, delete, and modify users. No access to Security vault access permissions, Super User or Security roles, system configuration, operation, or user data. |
| Operator | Storage Operator | All Manager monitoring-only functions. Cannot change the configuration of the system. No access to user data. In addition to monitoring functions, an account assigned the Operator role can access all reports, including configuration of automatic emailing, generation, export, and send by email (when configured). |
| Vault Provisioner | End user | Allows the user the ability to create / delete vaults by using the Provisioning API. No access to any Manager functions. |
| Elastic Device Provisioner | Allows the use of the Preregistration API. | |
| Storage Account Administrator | Allows access to the Storage Account Portal while in Container Mode. This role allows limited access to the IBM Cloud Object Storage Manager Interface. | |
| Service Account | End user | Allows access to the Service API while in Container Mode. This role alone does not grant access to the IBM Cloud Object Storage Manager interface. |
These roles permit the following manager application access:
| Monitor | Configure | Security | Settings |
|---|---|---|---|
| Super User | Super User | Super User | Super User |
| System Administrator | System Administrator | Security Officer | System Administrator |
| Operator | Operator |
The Operator role has visibility to the Monitor tab and to the Reports section in the Settings tab. The Security Officer role has visibility to the Security tab. The default Super User account cannot be deleted.
Vault Authorization
Select the type of Access Authorization permitted for this user or group. Use the Search utility (Vault Type, Tag, and so on) for bulk editing or the page forward and page back arrows to scroll through the list.
Anonymous Access can be granted to a vault, either R/W (read/write/delete) or R (Read Only). [Default = None (no access)]. Otherwise, Owner (read/write/delete), R/W (read/write/delete), or R (Read Only) permissions can be granted to selected user accounts. [Default = None (no access) unless created via the API.]
Click Save to update or Cancel to exit.