User management
Use the role-based user restrictions and user management information for IBM Storage Fusion HCI System.
IBM Storage Fusion HCI System user interface is configured with OpenShift® Container Platform to have a single sign-on. For the first time
login to IBM Storage Fusion HCI System user interface and OpenShift Container Platform web management console, use the
kubeadmin
, which is the default user for both. To authenticate the default user
login, use the password that got generated during the installation of IBM Storage Fusion HCI System.
Role-based user configuration
Role-based access control (RBAC) objects determine whether a user is allowed to do an action within a project. By using role-based access control, you can set the resources and permissions available to a user. Role can be assigned to a user or group with role bindings. Role binding has the mapping of a role to a user or user group. You can bind your users to the following two default OpenShift cluster level roles:cluster-admin
A super-user that can do any action in any project. When bound to a user with a local binding, they have full control over quota and every action on every resource in the project.
view
A user who cannot do any modifications, but can see most of the objects in a project. They cannot view or modify roles or bindings.
cluster-admin
role and delete the
default kubeadmin
user. For more information about roles, see OpenShift Container Platform documentation at Default cluster roles.
cluster-admin
user roles.
You
can also configure with the following different identity providers: - Configure identify providers.
- LDAP
- Configure your organizations LDAP with OpenShift to access IBM Storage Fusion HCI System user interface. For the more information and procedure, see Configuring an LDAP identity provider.
- httpasswd
- Configure httpassword identity provider to create users that can access OpenShift and IBM Storage Fusion HCI System user interface. To configure the user with httpasswd identity provider, see https://docs.openshift.com/container-platform/4.15/authentication/identity_providers/configuring-htpasswd-identity-provider.html.
Note: Users configured with identity providers must log in while navigating from IBM Storage Fusion HCI System user interface to other integrated applications like Red Hat® OpenShift and IBM Storage Scale ECE. - Bind your user to a role or to a group. The user or group can have
cluster-admin
orview
roles. - Log in to IBM Storage Fusion HCI System user interface by using the newly created or added user.
To know more about OpenShift Container Platform RBAC, see Using RBAC to define and apply permissions.
For more information about authentication and authorization, see OpenShift Container Platform documentation at Understanding authentication.
User interface page or menu option | Cluster-admin | View user |
---|---|---|
Events |
|
|
Applications |
|
|
Backup policies |
|
|
page |
|
|
page |
|
|
page. |
|
|
page. |
|
|
From the title bar, click the help icon and select Collect support logs. |
|
|
App Switcher icon in title bar > Storage outbound arrow |
|
|
Disaster recovery |
|
|
Services |
|
|
Applications icon in title bar >OpenShift outbound arrow | For more information about the permissions of the role, see Using RBAC to define and apply permissions. Note: Menu option
is available to navigate to OpenShift
console with same login credentials.
|