Create Roles

Use the Create Roles window to define a role by assigning permissions to the role.

Name
Enter a unique name for the role.
Duplicate permissions from
Select a role with permissions that are automatically selected in the Permission list.
Note: You cannot duplicate the permissions from the following default roles: security administrator, engineering, and service.
Permission

You can provide a role with the following permissions:

Arrays and Pools
Create pools and assign arrays
  • Create pools
  • Assign arrays to pools
Manage pools and arrays
  • Rename pools
  • Allow configuration of RAID 5
  • Merge pools and reassign arrays
  • Modify pool thresholds
  • Redistribute volumes in pools
  • Reserve and release arrays
  • Modify pool limit
  • Modify over provisioning limit
  • Modify provisioned capacity limit
  • Merge pools
  • Pause and resume Easy Tier® migration for pools
  • Pause, resume, and reset Easy Tier monitoring for pools
  • Create, delete, and modify ESE/TSE repositories and their thresholds
  • Offload SDO certificate for the system
Delete pools and unassign arrays
  • Unassign arrays
  • Delete pools
  • Generate SDO certificate
IBM Z® Volumes and LSSs
Configure IBM Z volumes and LSSs
Manage IBM Z volumes, LSSs, and aliases
  • Resize IBM Z volumes
  • Rename IBM Z volumes
  • Redistribute and migrate IBM Z volumes
  • Soft fence disable
  • Set path group ID for IBM Z volumes
  • Pause, resume, and reset Easy Tier monitoring for IBM Z volumes
  • Assign IBM Z volumes from or to a drive class
  • Add or remove aliases from IBM Z volumes and LSSs
  • Unfence volumes
Delete and reinitialize IBM Z volumes
  • Delete volumes
  • Reinitialize volumes
Open Systems Volumes
Configure open system volumes
  • Create open system volumes and LSSs
  • Map open system volumes to hosts or clusters
  • Create open system hosts and clusters
  • Map open system volumes from or to a drive class
  • Add and assign open system host ports
  • Assign open system hosts to clusters
Manage open systems configuration
  • Resize open system volumes
  • Rename open system volumes
  • Redistribute and migrate open system volumes
  • Soft fence disable
  • Set path group ID for open system volumes
  • Pause, resume, and reset Easy Tier monitoring for open system volumes
  • Modify LUN mappings of open system hosts
  • Modify I/O port mask of open system hosts
  • Rename open system hosts and clusters
  • Unfence volumes
  • Oracle HARD commands
  • Create, delete, and modify volume groups
Delete open system configuration
  • Unassign hosts from cluster
  • Delete hosts
  • Remove host ports
  • Delete and reinitialize open system volumes
  • Unmap open system volumes from host or cluster
IBM® i Volumes and LSSs
Configure IBM i configuration
  • Create IBM i volumes and LSSs
  • Map IBM i volumes to hosts or clusters
  • Create IBM i hosts and clusters
  • Map IBM i volumes from or to a drive class
  • Add and assign IBM i host ports
  • Assign IBM i hosts to clusters
Manage IBM i configuration
  • Resize IBM i volumes
  • Rename IBM i volumes
  • Redistribute and migrate IBM i volumes
  • Soft fence disable
  • Set path group ID for IBM i volumes
  • Pause, resume, and reset Easy Tier monitoring for IBM i volumes
  • Modify LUN mappings of IBM i hosts
  • Modify I/O port mask of IBM i hosts
  • Rename IBM i hosts and clusters
  • Unfence volumes
  • Oracle HARD commands
  • Create, delete, and modify volume groups
  • Set IBM i serial number suffix
Delete IBM i configuration
  • Unassign hosts from cluster
  • Delete hosts
  • Remove host ports
  • Delete and reinitialize IBM i volumes
  • Unmap IBM i volumes from host or cluster
Local and Remote Access Management
Manage security administrators
This permission is for the security administrator role only.
  • Create, delete, and modify security administrator (secadmin) users
Manage local user accounts
This permission is for the administrator role only.
  • Add users
  • Rename users
  • Remove users
  • Reset user password
  • Unlock users
  • Modify local password rules
Manage user roles
This permission is for the administrator role only.
  • Create user roles
  • Delete user roles
Manage remote authentication
This permission is for the administrator role only.
  • Enable, disable, modify, and test remote authentication
Manage network security
This permission is for the administrator role only.
  • Create signing request
  • Import certificate
  • Create self-signed certificate
  • Enable and disable port 1750 access on the HMC
  • Set security level of GUI, WUI, or NI on the HMC
  • Manage HMC firewall settings
Notifications and Monitoring
Manage SNMP trap notifications
  • Manage SNMP trap notifications with DSCLI
Manage system events
  • Mark events active or inactive
Offload audit log
  • Export and download audit log
Manage call home
  • Modify call home settings
  • Test call home
Manage syslog settings
  • Add and remove syslog servers
Remote Support
Manage Remote Support Center (RSC) connection
  • Enable, disable, and modify RSC connections
Manage Assist On-Site (AoS) connection
  • Enable, disable, and modify AoS connections
Change HMC access settings
  • Change access settings for command line shell access to the HMC
  • Change access settings for modem dial-in and VPN initiation to the HMC
  • Change access settings for Service GUI (WUI) access on the HMC through the Internet or a VPN connection
Troubleshooting
  • Restart HMCs
  • Refresh GUI cache
  • Reset Communication paths and ESSNI
  • Take warmstarts
  • Save GUI logs to HMC
  • Take on-demand-dumps from CLI only via diagsi
  • Close problem record
  • Prepare, activate, and modify FRU
  • Force offline LPAR
System Settings
Manage Fibre Channel port settings
  • Set protocol and topology
  • Force RDP dumps via DSCLI
Manage Fibre Channel port security
  • Configure Fibre Channel ports for IBM Fibre Channel Endpoint Security
Manage system settings
  • Rename system
  • Modify power mode of system
  • Activate licensed functions and PIDs
  • Modify date, time, and NTP settings
  • Set default GUI log-out due to inactivity time
  • Enable, disable, and modify GUI and CLI log-in messages
  • Modify advanced settings
  • Enable and disable Energy Report test mode
  • Enable and disable CUIR support
Install software
  • CSM through DSCLI
Power® off system
  • Power off the system manually
Encryption
Manage data at rest encryption
  • Enable, disable, and modify data at rest encryption
Create data at rest recovery key
This permission is for the security administrator role only.
  • Create data at rest recovery key
Manage Fibre Channel Port Endpoint Security
  • Enable, disable, and modify Fibre Channel Port Endpoint Security
Feature Settings
Modify Ethernet settings
  • Modify Ethernet settings for HMCs
Modify Easy Tier settings
  • Modify system level Easy Tier settings
Modify zHyperLink settings
  • Modify system level zHyperLink settings
Manage resource group settings
  • Create, delete, and modify resource groups
  • Assign and unassign LSSs and volumes
  • Manage scope of users
Manage performance group settings
  • Create, delete, and modify resource groups
  • Assign and unassign volumes
Manage cloud settings
  • Add, modify, and remove cloud servers
FlashCopy®
Manage FlashCopy relationships
  • Commit, remove, resync, reverse, revert, freeze, and thaw relationships
  • Manage remote relationships
Mirroring and Paths
Manage mirroring paths
  • Create and delete mirroring paths, including SCSI and ESCON paths
Manage mirroring relationships
  • Create, delete, fail over, fail back, freeze, thaw, pause, and resume mirroring relationships
  • Create, delete, modify, pause, and resume global mirror sessions
Modify LSS CS settings
  • Modify logical subsystems and logical control units