Roles
Users and groups that are created in the Manager can be assigned roles during the creation process or later.
Every time a user attempts to access a URL, the Manager first checks to see whether the current user has a role with the privilege to view that page. Additionally, certain elements on a page might be hidden if the current user does not have the privilege to view them.
The following roles can be assigned to a user or a group.
| Roles | Description |
|---|---|
| Super User | Can perform any action within the Manager except vault read/write. All tabs are accessible within the application. |
| System Administrator | Can perform any action within the Manager except security, account management, and vault read/write. Monitor, Configure, and Settings tabs are available. This role has two Access Control List options: Read/write and read-only. By default, the role has read/write access. To limit the role to read-only access, check the box in the Read Only column when assigning the role. |
| Security Officer | Can perform security and account management actions within the Manager Web Interface. A Security Officer cannot do the following items: This role provides access to the Security tab. This role has two Access Control List options: Read/write and read-only. By default, the role has read/write access. To limit the role to read-only access, check the box in the Read Only column when assigning the role. |
| Operator | Can perform monitoring actions within the Manager. Only the Monitor tab is available. |
| Vault Provisioner | (Vault Mode Only) Can create / delete vaults by using the Provisioning API. This role alone does not grant access to the Manager Web Interface and is only visible on the UI if the Provisioning API is enabled. Note: See Configure Provisioning API. |
| Storage Account Administrator | Allows access to the Storage Account Portal while in Container Mode. |
A Vault User (vault mode only) has read/write or read-only access to Object vaults. This role alone does not grant access to the Manager Web Interface. This role is specified on a per-vault basis and is assigned by granting read or read/write access to a vault. Vault User is only applied to object vaults.
A Service Account (container mode only) must be assigned to all accounts that interact with the Service API.
Multiple roles can be assigned to a single account or group, except that you cannot assign a read/write and a read-only version of the same role to a single account or group. For example, you cannot assign both the read-only System Administrator role and the System Administrator role to the same user. Accounts within a group inherit all roles of the group. If a group is created with a System Administrator role assigned and a member of that group is assigned an Operator role, that member has the larger set of privileges of the group rather than the Monitor Only view of the Manager.
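The two rules above can be checked during an access review. The following is an added example, not code from the product: the account and group layout, the names in it, and the `"*"` marker for "all tabs" are assumptions made for illustration, and the role-to-tab mapping is taken from the table above.

```python
# Tabs each role opens in the Manager, per the roles table; "*" means all tabs.
ROLE_TABS = {
    "Super User": {"*"},
    "System Administrator": {"Monitor", "Configure", "Settings"},
    "Security Officer": {"Security"},
    "Operator": {"Monitor"},
    "Vault Provisioner": set(),              # no Manager Web Interface access alone
    "Storage Account Administrator": set(),  # Storage Account Portal, not a Manager tab
}

# Constructed sample data: (role, read_only) pairs per group and per account.
GROUPS = {"storage-admins": [("System Administrator", False)]}
ACCOUNTS = {
    "alice": {"roles": [("Operator", False)], "groups": ["storage-admins"]},
    "bob": {"roles": [("Operator", False)], "groups": []},
    "carol": {"roles": [("Security Officer", True), ("Security Officer", False)],
              "groups": []},
}

def conflicts(assignments):
    """Roles given to one account or group as both read/write and read-only."""
    modes = {}
    for role, read_only in assignments:
        modes.setdefault(role, set()).add(read_only)
    return sorted(role for role, seen in modes.items() if len(seen) == 2)

def tabs(assignments):
    """Union of the tabs opened by a list of (role, read_only) assignments."""
    opened = set()
    for role, _ in assignments:
        opened |= ROLE_TABS[role]
    return opened

def inherited_excess(accounts, groups):
    """Map each account to the tabs it reaches only through group membership."""
    report = {}
    for name, acct in accounts.items():
        direct = tabs(acct["roles"])
        inherited = set()
        for group in acct["groups"]:
            inherited |= tabs(groups[group])
        # A direct Super User already sees every tab, so nothing is "extra".
        extra = set() if "*" in direct else inherited - direct
        if extra:
            report[name] = sorted(extra)
    return report

if __name__ == "__main__":
    print(inherited_excess(ACCOUNTS, GROUPS))
    print({n: conflicts(a["roles"]) for n, a in ACCOUNTS.items()})
```

Accounts reported by `inherited_excess` are the ones whose directly assigned role understates what they can reach, as in the Operator case described above.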
On the Security page, you can set up accounts and assign roles to those accounts.
When a user logs in to the Manager Web Interface, they see a view that is associated with the roles that are assigned.