User accounts and roles

To access an HPE Primera and 3PAR Storage system, you must have a user account. Each HPE Storage OS user is assigned a role, and each role is assigned a set of rights. The roles and rights that are assigned to the user determine which tasks the user can perform.

Standard roles

Browse. Rights are limited to read-only access. There are some exceptions for the Browse role. For more information about rights corresponding to the Browse role, see HPE Storage OS Command Line Interface Reference Guide.

Edit. Rights are granted to most operations, for example creating, editing, and removing virtual volumes and other objects.

Super. Rights are granted to all operations.

Service. Rights are limited to operations that are required to service the system. This role allows limited access to user information and user group resources.

IMPORTANT:

A user with Super role can now create and edit CPGs, Virtual volumes, hosts, Remote Copy groups in all the defined domains including No Domain.

A user with Edit role who is authorized for one or more of the defined domains (except for No Domain), can edit but cannot create some of the mentioned objects in that domain by default. However, a user with Edit role who is authorized for No domain can create and edit these objects inNo Domain and all the other defined domains.

For more information about rights corresponding to Standard roles, see HPE Storage OS Command Line Interface Reference Guide.

Extended roles

The extended roles define a set of rights optimized for users with specialized or restricted tasks. For example, assigning a user the Create role allows the user to create virtual volumes and other objects. The role does not allow the user to remove virtual volumes.

Create. Rights are limited to creating objects, for example creating virtual volumes, common provisioning groups, hosts, and schedules.

Basic Edit. Basic edit rights are similar to the edit role, for example creating and editing virtual volumes and other objects. However, the rights to remove objects are more restrictive than for the edit role.

3PAR AO. Rights are limited to use by Hewlett Packard Enterprise for Adaptive Optimization operations.

3PAR RM. Rights are limited to use by Hewlett Packard Enterprise for Recovery Manager operations.

You can use HPE SSMC to perform many Security User tasks.

Learn more: Security screens, views, and actions summary.