Administrators can be granted privileges by assigning custom roles to them. A role is a collection of privileges that you can assign to an administrator. You may want to create various administrator and operator roles, with different authorization levels. Staff members should be assigned any role that is suitable for their needs, without assigning unnecessary privileges.
The use of roles is more secure than the use of shared full-access administrator passwords, such as giving everyone the root password. Roles restrict users to defined sets of authorizations. In addition, user roles are traceable to individual usernames in the audit logs. By default, a role called "Basic administration" exists, which contains a minimum of authorizations.
Administrative users can be:
Local users – Where all account information is saved on the ZFSSA.
Directory users – Where existing NIS or LDAP accounts are used and supplemental authorization settings are saved on the ZFSSA. This lets existing NIS/LDAP users log in and administer the ZFSSA but existing NIS/LDAP users cannot log into the ZFSSA by default. Access must be explicitly granted to the ZFSSA.