Chapter 6. Administering User Accounts; User Groups - IBM DS8000 User Manual

Hide thumbs Also See for DS8000:

Manual (5 pages)

User manual (80 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

Table of Contents

Chapter 6. Administering user accounts

The topics in this section provide information related to administering your

DS8000 user accounts. If you have administrator level privileges, you can add a

new user account, delete an existing user account, or modify the user name,

password, and group for a user account. There might be times when users forget

the password that they use to access the DS Storage Manager. After going beyond

the set number of allowable attempts with the wrong password, the account is

locked. The administrator can unlock a user account. If the Admin account is

locked, the administrator must use the security recovery utility tool. If you do not

have administrator level privileges, your account administration privileges are

limited to entering a new password for your own user ID.

User Groups

User groups (or roles) are a level of access that is assigned by the administrator,

which allows users to perform certain functions. User groups are created using the

DS Storage Manager or the CLI.

When a user account is created, the administrator must specify an initial password

for the account. This initial password expires immediately which means that the

account users must change the password before they are allowed to perform any

other actions. This is also true for all account roles, including Administrators.

The user must be assigned to at least one group or role. Users can be assigned to

multiple groups or combinations of groups. Groups with the label No Access

(only) cannot be selected in combination with another group.

Administrators can make the following user group assignments (Table 3 on page 92

provides specific capabilities for each user group):

Administrator (only)

Physical operator (only)

Logical operator

Copy Services Operator

Must be the only assigned group. This user group has the highest level of

authority. It allows a user to add or remove user accounts. This group has

access to all service functions and DS8000 resources.

Must be the only assigned group. This user group allows access to

resources that are related to physical configuration, including storage

complex, storage unit, storage image, management console, arrays, ranks,

and extent pools. The physical operator group does not have access to

security functions.

Can be assigned in combination with the Copy Services operator group,

but not in combination with any other group. This group has access to

resources that relate to logical volumes, hosts, host ports, logical

subsystems, and volume groups, excluding security functions.

Can be assigned in combination with the Logical operator group, but not

in combination with any other group. This group has access to all Copy

Services service functions and resources, excluding security functions.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Chapter 6. Administering User Accounts; User Groups - IBM DS8000 User Manual

Chapter 6. Administering user accounts

User Groups

Hide quick links:

Related Manuals for IBM DS8000

Related Content for IBM DS8000

Table of Contents