User roles

The Hardware Management Console provides numerous tasks that can be performed on the Hardware Management Console itself and on the various system resources that it is managing. Not all tasks are intended for all Hardware Management Console users. For this reason, the HMC provides an initial set of roles that group these tasks and resources into sets that align with a set of traditional Hardware Management Console user classifications.

Prior to version 2.13.0, there were two types of Hardware Management Console roles: task roles and managed resource roles. Task roles group tasks into sets that make sense for specific classifications of users. Likewise, managed resource roles group specific types or instances of system resources that specific classes of users are allowed to manage. In version 2.13.0, with the User Management task, a single role can contain any combination of tasks, types of objects or specific objects resources, groups, and task lists. Thus, the system administrator can customize a single role for a user or group of users that contains all the permissions necessary.

The Hardware Management Console ships the following default roles:

Table 1. System default managed resource roles (excluding ensemble-related managed resources roles)
Managed resource role Hardware Management Console version Description
All Directors/Timers Managed Objects 2.12.1 and lower Allows access to both defined and undefined Director/Timer managed resources.
All Fiber Saver Managed Objects 2.12.1 and lower Allows access to both defined and undefined Fiber Saver managed resources.
All Resources 2.12.0 and higher Allows access to all defined and undefined managed objects (includes all objects of all types).
All Managed Objects 2.9.0 through 2.10.2 Allows access to all Defined CPC, Undefined CPC, CPC Image, and Coupling Facility managed resources.
All zCPC Managed Objects 2.11.0 through 2.12.1 Allows access to all Defined CPC, Undefined CPC, CPC Image, and Coupling Facility managed resources.
Note: With the addition of Ensembles, this role was renamed from All Managed Objects
All System Managed Objects 2.13.0 and higher Allows access to all Defined CPC, Undefined CPC, Defined zBX Nodes, Undefined zBX Nodes, CPC Image, and Coupling Facility managed resources.
Note: With the addition of zBX Nodes, this role was renamed from All zCPC Managed Objects
Defined Directors/Timers Managed Objects 2.12.1 and lower Allows access to defined Director/Timer managed resources.
Defined Fiber Saver Managed Objects 2.12.1 and lower Allows access to defined Fiber Saver managed resources.
Defined zCPC Managed Objects 2.11.0 through 2.12.1 Allows access to all Defined CPC, CPC Image, and Coupling Facility managed resources.
Defined System Managed Objects 2.13.0 and higher Allows access to all Defined CPC, Defined zBX Nodes, CPC Image, and Coupling Facility managed resources.
Note: With the addition of zBX Nodes, this role was renamed from Defined zCPC Managed Objects
Limited Managed Objects 2.10.2 and lower Allows access to all Defined CPC and CPC Image
Storage Administrator Objects 2.14.1 and later Cloud Adapter, Defined CPC, FCP Storage Group, FCP Tape Link, FICON Adapter, FICON Storage Group, NVMe Adapter, NVMe Storage Group, Tape Library
z/VM® Virtual Machine Objects 2.14.1 and lower Allows access to all defined z/VM virtual machine objects.

Table 2. System default ensemble-related managed resource roles
Managed resource role HMC version Description
All Resources 2.12.0 through 2.15.0 Allows access to all defined and undefined managed objects (includes all objects of all types).
BladeCenter Objects 2.14.1 and lower Allows access to blade center objects.
DPXI50z Blade Objects 2.14.1 and lower Allows access to DataPower® XI50z blade objects.
Ensemble Object 2.14.1 and lower Allows access to the ensemble object.
IBM® Blade Objects 2.14.1 and lower Allows access to general purpose IBM blade objects.
IBM Blade Virtual Server Objects 2.14.1 and lower Allows access to blade virtual server objects.
Storage Resource Objects 2.11.0 through 2.15.0 Allows access to storage resource objects.
Virtual Network Objects 2.14.1 through 2.15.0 Allows access to ensemble-related virtual network objects.
Workload Objects 2.11.0 through 2.15.0 Allows access to workload objects.

Table 3. System default task roles (excluding ensemble-related task roles)
Task Role HMC version Description
Access Administrator Director/Timer Tasks 2.12.1 and lower Administrative tasks for Director/Timer managed resources.
Access Administrator Fiber Saver Tasks 2.12.1 and lower Administrative tasks for Fiber Saver managed resources.
Access Administrator Tasks All Administrative tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources.
Advanced Operator Tasks All Advanced operational tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources.
CIM Actions 2.13.1 and lower Tasks that are used for automation through CIM.
Operator Tasks All Operational tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources.
Service Fiber Saver Tasks 2.12.1 and lower Service related tasks for Fiber Saver managed resources.
Service Representative Director/Timer Tasks 2.12.1 and lower Service related tasks for Director/Timer managed resources.
Service Representative Tasks All Service related tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources.
Storage Administrator Objects 2.14.0 and higher Administrative tasks for configuring storage on DPM-enabled systems
System Programmer Tasks All System Programmer tasks for the HMC, CPC, CPC Image, and Coupling Facility managed resources.
Universal Director/Timer Tasks 2.12.1 and lower Director/Timer tasks that are allowed for all users.
Universal Fiber Saver tasks 2.12.1 and lower Fiber Saver tasks that are allowed for all users.
z/VM Virtual Machine Tasks 2.14.1 and lower All tasks relating to z/VM virtual machine images.

Table 4. System default ensemble-related task roles
Task Role HMC version Description
Energy Management Administrator Tasks 2.11.0 and higher Administrative tasks for managing power related settings for CPC, BladeCenter, and Blade managed resources.
Ensemble Administrator Tasks 2.11.0 and higher Tasks that are used for creating and managing the ensemble.
Performance Management Administrator Tasks 2.11.0 and higher Administrative tasks for managing performance policies for the ensemble.
Performance Management Operator Tasks 2.11.0 and higher Operational tasks for performance policies.
Policy Administrator Tasks 2.14.1 and lower Administrative tasks for managing performance and availability policies for the ensemble.
Note: With the addition of Availability Policies, this role was renamed from Performance Management Administrator Tasks.
Policy Operator Tasks 2.14.1 and lower Operational tasks for performance and availability policies.
Note: With the addition of Availability Policies, this role was renamed from Performance Management Operator Tasks.
Storage Resource Administrator Tasks 2.11.0 and higher Administrative tasks for managing storage resources in the ensemble.
Virtual Network Administrator Tasks 2.14.1 and lower Administrative tasks that are used for managing virtual networking objects in the ensemble.
Virtual Server Administrator Tasks 2.14.1 and lower Administrative tasks for managing virtual servers in the ensemble.
Virtual Server Operator Tasks 2.14.1 and lower Operational tasks for virtual server managed resources.
Workload Administrator Tasks 2.11.0 and higher Administrative tasks for managing workload resources in the ensemble.

The system administrator can use the User Management task (or Customize User Controls task for Hardware Management Console version 2.12.1 or earlier) to define new tasks or managed resource roles that make sense in the environment. Likewise, as previously mentioned, the User Management task (or the User Profiles task for Hardware Management Console version 2.12.1 or earlier) associates one or more roles with a specific user.