Edit local users

Users access a storage system directly using role assignment or indirectly through user group membership.

Prerequisites

  • To perform this operation, you must be the Initial Setup User (set during installation), or SecurityAdmin on all authorized storage systems.
  • Users cannot remove the SecurityAdmin role from themselves.

About this task

See Roles and associated permissions for an overview of the Role-Based Access Control (RBAC) functionality.

This procedure explains how to edit the roles that are associated with a user or group.

To create local users:

Steps

  1. Select Settings icon to open the Settings panel.
  2. Select Users and Groups > Local Users.
  3. Select a user and click Modify.
  4. Optional: Type a new Description.

    The text within the description supports the following characters:

    • a-z
    • A-Z
    • 0-9
    • _
    • -
    • .
    • !
    • @
    • #
    • $
    • %
    • &
    • *
    • (
    • )
    • .
    • ^
  5. On the Roles tab, add or remove from any of the available objects, being sure to not exceed the four roles or object limit.
  6. If you choose a Local Replication, Remote Replication, or a Device Management role, click Select Storage Group(s) and in the edit dialog that opens choose between:
    1. Wildcard—A wildcard syntax used with the storage group component name to allow a single rule to apply to multiple storage groups.

      A simple wildcard syntax can be used with the component name to allow a single rule to apply to multiple SGs as follows:

      abc - Exactly these characters

      ? Any one character

      * Any zero or more characters

      + Zero or more additional occurrences of the previous match

      [a-z0-9] Any of these characters

      [!a-z] Anything but one of these characters

      All SG name comparisons are case-insensitive. The following examples show how they are interpreted:

      Table 1. Wildcard syntax examples
      This pattern Matches these Storage Groups Does not match these Storage Groups
      tg_* tg_DB_SG1 or tg_newSG or TG_sg_db tgNewSG
      prod_sg? prod_sg1 or prod_sga por Prod_sg2 prod_sg12 or prod_sgab
      prod_sg[0-9]+ prod_sg1 or prod_sg12 prod_sga or prod_sgab

      The only allowed characters are: a-zA-Z0-9_- along with the above *+?[]! wildcard characters.

      The only roles that can be assigned against storage groups are: Local Replication, Remote Replication, and Device Management.

      Storage groups do not have to exist at the time that a matching Role-Based Authentication Controls (RBAC) rule for them is defined.

      These storage groups-level RBAC rules are only applicable to parent and stand-alone SGs and not child SGs. Child SGs are protected by the RBAC rules, if any, on their parent SG.

    2. Storage Group
    3. Once your input or selection is complete, click Save.
  7. Click OK.