User roles
The Hardware Management Console provides numerous tasks that can be performed on the Hardware Management Console itself and on the various system resources that it is managing. Not all tasks are intended for all Hardware Management Console users. For this reason, the HMC provides an initial set of roles that group these tasks and resources into sets that align with a set of traditional Hardware Management Console user classifications.
Prior to version 2.13.0, there were two types of Hardware Management Console roles: task roles and managed resource roles. Task roles group tasks into sets that make sense for specific classifications of users. Likewise, managed resource roles group specific types or instances of system resources that specific classes of users are allowed to manage. In version 2.13.0, with the User Management task, a single role can contain any combination of tasks, types of objects or specific objects resources, groups, and task lists. Thus, the system administrator can customize a single role for a user or group of users that contains all the permissions necessary.
The Hardware Management Console ships the following default roles:
Managed resource role | Hardware Management Console version | Description |
---|---|---|
All Directors/Timers Managed Objects | 2.12.1 and lower | Allows access to both defined and undefined Director/Timer managed resources. |
All Fiber Saver Managed Objects | 2.12.1 and lower | Allows access to both defined and undefined Fiber Saver managed resources. |
All Resources | 2.12.0 and higher | Allows access to all defined and undefined managed objects (includes all objects of all types). |
All Managed Objects | 2.9.0 through 2.10.2 | Allows access to all Defined CPC, Undefined CPC, CPC Image, and Coupling Facility managed resources. |
All zCPC Managed Objects | 2.11.0 through 2.12.1 | Allows access to all Defined CPC, Undefined
CPC, CPC Image, and Coupling Facility managed resources. Note: With
the addition of Ensembles, this role was renamed from All Managed
Objects
|
All System Managed Objects | 2.13.0 and higher | Allows access to all Defined CPC, Undefined
CPC, Defined zBX Nodes, Undefined zBX Nodes, CPC Image, and Coupling
Facility managed resources. Note: With the addition of zBX Nodes, this
role was renamed from All zCPC Managed Objects
|
Defined Directors/Timers Managed Objects | 2.12.1 and lower | Allows access to defined Director/Timer managed resources. |
Defined Fiber Saver Managed Objects | 2.12.1 and lower | Allows access to defined Fiber Saver managed resources. |
Defined zCPC Managed Objects | 2.11.0 through 2.12.1 | Allows access to all Defined CPC, CPC Image, and Coupling Facility managed resources. |
Defined System Managed Objects | 2.13.0 and higher | Allows access to all Defined CPC, Defined zBX
Nodes, CPC Image, and Coupling Facility managed resources. Note: With
the addition of zBX Nodes, this role was renamed from Defined zCPC
Managed Objects
|
Limited Managed Objects | 2.10.2 and lower | Allows access to all Defined CPC and CPC Image |
Storage Administrator Objects | 2.14.1 and later | Cloud Adapter, Defined CPC, FCP Storage Group, FCP Tape Link, FICON Adapter, FICON Storage Group, NVMe Adapter, NVMe Storage Group, Tape Library |
z/VM® Virtual Machine Objects | 2.14.1 and lower | Allows access to all defined z/VM virtual machine objects. |
Managed resource role | HMC version | Description |
---|---|---|
All Resources | 2.12.0 through 2.15.0 | Allows access to all defined and undefined managed objects (includes all objects of all types). |
BladeCenter Objects | 2.14.1 and lower | Allows access to blade center objects. |
DPXI50z Blade Objects | 2.14.1 and lower | Allows access to DataPower® XI50z blade objects. |
Ensemble Object | 2.14.1 and lower | Allows access to the ensemble object. |
IBM® Blade Objects | 2.14.1 and lower | Allows access to general purpose IBM blade objects. |
IBM Blade Virtual Server Objects | 2.14.1 and lower | Allows access to blade virtual server objects. |
Storage Resource Objects | 2.11.0 through 2.15.0 | Allows access to storage resource objects. |
Virtual Network Objects | 2.14.1 through 2.15.0 | Allows access to ensemble-related virtual network objects. |
Workload Objects | 2.11.0 through 2.15.0 | Allows access to workload objects. |
Task Role | HMC version | Description |
---|---|---|
Access Administrator Director/Timer Tasks | 2.12.1 and lower | Administrative tasks for Director/Timer managed resources. |
Access Administrator Fiber Saver Tasks | 2.12.1 and lower | Administrative tasks for Fiber Saver managed resources. |
Access Administrator Tasks | All | Administrative tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources. |
Advanced Operator Tasks | All | Advanced operational tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources. |
CIM Actions | 2.13.1 and lower | Tasks that are used for automation through CIM. |
Operator Tasks | All | Operational tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources. |
Service Fiber Saver Tasks | 2.12.1 and lower | Service related tasks for Fiber Saver managed resources. |
Service Representative Director/Timer Tasks | 2.12.1 and lower | Service related tasks for Director/Timer managed resources. |
Service Representative Tasks | All | Service related tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources. |
Storage Administrator Objects | 2.14.0 and higher | Administrative tasks for configuring storage on DPM-enabled systems |
System Programmer Tasks | All | System Programmer tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources. |
Universal Director/Timer Tasks | 2.12.1 and lower | Director/Timer tasks that are allowed for all users. |
Universal Fiber Saver tasks | 2.12.1 and lower | Fiber Saver tasks that are allowed for all users. |
z/VM Virtual Machine Tasks | 2.14.1 and lower | All tasks relating to z/VM virtual machine images. |
Task Role | HMC version | Description |
---|---|---|
Energy Management Administrator Tasks | 2.11.0 and higher | Administrative tasks for managing power related settings for CPC, BladeCenter, and Blade managed resources. |
Ensemble Administrator Tasks | 2.11.0 and higher | Tasks that are used for creating and managing the ensemble. |
Performance Management Administrator Tasks | 2.11.0 and higher | Administrative tasks for managing performance policies for the ensemble. |
Performance Management Operator Tasks | 2.11.0 and higher | Operational tasks for performance policies. |
Policy Administrator Tasks | 2.14.1 and lower | Administrative tasks for managing performance and availability policies for
the ensemble. Note: With the addition of Availability Policies, this role was renamed from
Performance Management Administrator Tasks.
|
Policy Operator Tasks | 2.14.1 and lower | Operational tasks for performance and availability policies. Note: With the
addition of Availability Policies, this role was renamed from Performance Management Operator
Tasks.
|
Storage Resource Administrator Tasks | 2.11.0 and higher | Administrative tasks for managing storage resources in the ensemble. |
Virtual Network Administrator Tasks | 2.14.1 and lower | Administrative tasks that are used for managing virtual networking objects in the ensemble. |
Virtual Server Administrator Tasks | 2.14.1 and lower | Administrative tasks for managing virtual servers in the ensemble. |
Virtual Server Operator Tasks | 2.14.1 and lower | Operational tasks for virtual server managed resources. |
Workload Administrator Tasks | 2.11.0 and higher | Administrative tasks for managing workload resources in the ensemble. |
The system administrator can use the User Management task (or Customize User Controls task for Hardware Management Console version 2.12.1 or earlier) to define new tasks or managed resource roles that make sense in the environment. Likewise, as previously mentioned, the User Management task (or the User Profiles task for Hardware Management Console version 2.12.1 or earlier) associates one or more roles with a specific user.