Create Roles
Use the Create Roles window to define a role by assigning permissions to the role.
- Name
- Enter a unique name for the role.
- Duplicate permissions from
- Select a role with permissions that are automatically selected in the
Permission list.Note: You cannot duplicate the permissions from the following default roles: security administrator, engineering, and service.
- Permission
-
You can provide a role with the following permissions:
- Arrays and Pools
-
- Create pools and assign arrays
-
- Create pools
- Assign arrays to pools
- Manage pools and arrays
-
- Rename pools
- Allow configuration of RAID 5
- Merge pools and reassign arrays
- Modify pool thresholds
- Redistribute volumes in pools
- Reserve and release arrays
- Modify pool limit
- Modify over provisioning limit
- Modify provisioned capacity limit
- Merge pools
- Pause and resume Easy Tier® migration for pools
- Pause, resume, and reset Easy Tier monitoring for pools
- Create, delete, and modify ESE/TSE repositories and their thresholds
- Offload SDO certificate for the system
- Delete pools and unassign arrays
-
- Unassign arrays
- Delete pools
- Generate SDO certificate
- IBM Z® Volumes and LSSs
-
- Configure IBM Z volumes and LSSs
- Manage IBM Z volumes, LSSs, and aliases
-
- Resize IBM Z volumes
- Rename IBM Z volumes
- Redistribute and migrate IBM Z volumes
- Soft fence disable
- Set path group ID for IBM Z volumes
- Pause, resume, and reset Easy Tier monitoring for IBM Z volumes
- Assign IBM Z volumes from or to a drive class
- Add or remove aliases from IBM Z volumes and LSSs
- Unfence volumes
- Delete and reinitialize IBM Z volumes
-
- Delete volumes
- Reinitialize volumes
- Open Systems Volumes
-
- Configure open system volumes
-
- Create open system volumes and LSSs
- Map open system volumes to hosts or clusters
- Create open system hosts and clusters
- Map open system volumes from or to a drive class
- Add and assign open system host ports
- Assign open system hosts to clusters
- Manage open systems configuration
-
- Resize open system volumes
- Rename open system volumes
- Redistribute and migrate open system volumes
- Soft fence disable
- Set path group ID for open system volumes
- Pause, resume, and reset Easy Tier monitoring for open system volumes
- Modify LUN mappings of open system hosts
- Modify I/O port mask of open system hosts
- Rename open system hosts and clusters
- Unfence volumes
- Oracle HARD commands
- Create, delete, and modify volume groups
- Delete open system configuration
-
- Unassign hosts from cluster
- Delete hosts
- Remove host ports
- Delete and reinitialize open system volumes
- Unmap open system volumes from host or cluster
- IBM® i Volumes and LSSs
-
- Configure IBM i configuration
-
- Create IBM i volumes and LSSs
- Map IBM i volumes to hosts or clusters
- Create IBM i hosts and clusters
- Map IBM i volumes from or to a drive class
- Add and assign IBM i host ports
- Assign IBM i hosts to clusters
- Manage IBM i configuration
-
- Resize IBM i volumes
- Rename IBM i volumes
- Redistribute and migrate IBM i volumes
- Soft fence disable
- Set path group ID for IBM i volumes
- Pause, resume, and reset Easy Tier monitoring for IBM i volumes
- Modify LUN mappings of IBM i hosts
- Modify I/O port mask of IBM i hosts
- Rename IBM i hosts and clusters
- Unfence volumes
- Oracle HARD commands
- Create, delete, and modify volume groups
- Set IBM i serial number suffix
- Delete IBM i configuration
-
- Unassign hosts from cluster
- Delete hosts
- Remove host ports
- Delete and reinitialize IBM i volumes
- Unmap IBM i volumes from host or cluster
- Local and Remote Access Management
-
- Manage security administrators
- This permission is for the security administrator role only.
- Create, delete, and modify security administrator (secadmin) users
- Manage local user accounts
- This permission is for the administrator role only.
- Add users
- Rename users
- Remove users
- Reset user password
- Unlock users
- Modify local password rules
- Manage user roles
- This permission is for the administrator role only.
- Create user roles
- Delete user roles
- Manage remote authentication
- This permission is for the administrator role only.
- Enable, disable, modify, and test remote authentication
- Manage network security
- This permission is for the administrator role only.
- Create signing request
- Import certificate
- Create self-signed certificate
- Enable and disable port 1750 access on the HMC
- Set security level of GUI, WUI, or NI on the HMC
- Manage HMC firewall settings
- Notifications and Monitoring
-
- Manage SNMP trap notifications
-
- Manage SNMP trap notifications with DSCLI
- Manage system events
-
- Mark events active or inactive
- Offload audit log
-
- Export and download audit log
- Manage call home
-
- Modify call home settings
- Test call home
- Manage syslog settings
-
- Add and remove syslog servers
- Remote Support
-
- Manage Remote Support Center (RSC) connection
-
- Enable, disable, and modify RSC connections
- Manage Assist On-Site (AoS) connection
-
- Enable, disable, and modify AoS connections
- Change HMC access settings
-
- Change access settings for command line shell access to the HMC
- Change access settings for modem dial-in and VPN initiation to the HMC
- Change access settings for Service GUI (WUI) access on the HMC through the Internet or a VPN connection
- Troubleshooting
-
- Restart HMCs
- Refresh GUI cache
- Reset Communication paths and ESSNI
- Take warmstarts
- Save GUI logs to HMC
- Take on-demand-dumps from CLI only via diagsi
- Close problem record
- Prepare, activate, and modify FRU
- Force offline LPAR
- System Settings
-
- Manage Fibre Channel port settings
-
- Set protocol and topology
- Force RDP dumps via DSCLI
- Manage Fibre Channel port security
-
- Configure Fibre Channel ports for IBM Fibre Channel Endpoint Security
- Manage system settings
-
- Rename system
- Modify power mode of system
- Activate licensed functions and PIDs
- Modify date, time, and NTP settings
- Set default GUI log-out due to inactivity time
- Enable, disable, and modify GUI and CLI log-in messages
- Modify advanced settings
- Enable and disable Energy Report test mode
- Enable and disable CUIR support
- Install software
-
- CSM through DSCLI
- Power® off system
-
- Power off the system manually
- Encryption
-
- Manage data at rest encryption
-
- Enable, disable, and modify data at rest encryption
- Create data at rest recovery key
- This permission is for the security administrator role only.
- Create data at rest recovery key
- Manage Fibre Channel Port Endpoint Security
-
- Enable, disable, and modify Fibre Channel Port Endpoint Security
- Feature Settings
-
- Modify Ethernet settings
-
- Modify Ethernet settings for HMCs
- Modify Easy Tier settings
-
- Modify system level Easy Tier settings
- Modify zHyperLink settings
-
- Modify system level zHyperLink settings
- Manage resource group settings
-
- Create, delete, and modify resource groups
- Assign and unassign LSSs and volumes
- Manage scope of users
- Manage performance group settings
-
- Create, delete, and modify resource groups
- Assign and unassign volumes
- Manage cloud settings
-
- Add, modify, and remove cloud servers
- FlashCopy®
-
- Manage FlashCopy relationships
-
- Commit, remove, resync, reverse, revert, freeze, and thaw relationships
- Manage remote relationships
- Mirroring and Paths
-
- Manage mirroring paths
-
- Create and delete mirroring paths, including SCSI and ESCON paths
- Manage mirroring relationships
-
- Create, delete, fail over, fail back, freeze, thaw, pause, and resume mirroring relationships
- Create, delete, modify, pause, and resume global mirror sessions
- Modify LSS CS settings
-
- Modify logical subsystems and logical control units