User roles
A user role is a set of privileges that is assigned to a user or user group to allow the user or user group to perform certain tasks and manage certain sessions.
To be assigned to a role, each user or group of users must have a valid user ID or group ID in the user registry on the management server.
Both individual users and a group of users can be assigned to a role. All users in a group are assigned the role of the group. If a user is assigned to one role as an individual and a different role as a member of a group, the user has access to the permissions of the role that has greater access.
Restricting access to sessions prevents unwarranted administrative access. This is especially useful in an open environment, where there can be many storage administrators who are responsible for their servers, applications, databases, file systems, and so on.
By default, the user that was defined during installation is granted access to Copy Services Manager and assigned to the Administrator role.
Copy Services Manager provides a set of predefined user roles: Monitor, Operator, and Administrator.
Monitor
Monitors can view the health and status in the Copy Services Manager GUI and CLI; however, they cannot modify or perform any commands or actions.
- All storage systems and storage system details
- All connections and connection details
- All sessions and session details
- All path information
- Management server status and details
Operator
- Adding or removing a session. The user ID that created the session is automatically granted access to manage that session.
- Performing actions on an assigned session, such as start, flash, terminate, and suspend.
- Modifying session properties.
- Adding copy sets to a session. The session operator can add volumes to a copy set only when the volume is not protected and not in another session.
- Removing copy sets from a session.
- Adding Peer To Peer Remote Copy (PPRC) paths, and removing paths with no hardware relationships.
PPRC paths are a common resource used in Copy Services Manager sessions and also in a
DS8000® storage system relationship that is established
between two common logical subsystems (LSSs).Notes:
- The session operator cannot issue a force removal of a path.
- A path can also be auto-generated when starting a session.
- Monitoring health and status, including viewing the following
information:
- All storage systems and storage system details
- All connections and connection details
- All sessions and session details
- All path information
- Management server status and details
Administrator
- Granting permissions to users and groups of users.
- Adding or removing a session. The user ID that created the session is automatically granted access manage that session.
- Performing actions on all sessions, such as start, flash, terminate, and suspend.
- Modifying session properties.
- Adding and removing copy sets from a session. The administrator can add volumes to a copy set only when the volume is not protected and not in another session.
- Protecting volumes and removing volume protection.
- Adding or removing storage system connections.
- Modifying connection properties.
- Assigning or changing storage system locations.
- Adding PPRC paths and removing paths with no hardware relationships. PPRC paths are a common
resource used in Copy Services Manager sessions and also
in a
DS8000 storage-system relationship that is established
between two common logical subsystems (LSSs).Note: A path can also be auto-generated when starting a session.
- Managing management servers. The standby management server is a common resource that is available to multiple sessions.
- Packaging program error (PE) log files.
- Monitoring health and status, including viewing the following information:
- All storage systems and storage system details
- All connections and connection details
- All sessions and session details
- All path information
- Management server status and details
For information on assigning and modifying user roles, see Managing security.