Role-Based Access Control

The system administrator assigns each account in the Oracle FS System a specific role that defines system privileges for that account.

When you log in to the Oracle FS System with a role with insufficient privileges to perform all of the commands, all of the subcommands, and all of the options in the script, the script fails.

For example, if you create a script to add accounts and if you use an administrator account that has an Administrator 2 role to log in to the Oracle FS System, the script fails. The script fails because only administrators who have Primary Administrator or Administrator 1 roles are authorized to run the account add command.

The following table lists each administrator role and a high-level overview of the privileges that an administrator having the indicated role can perform.
Table 1 Administrator privileges by role
Administrator role Privileges

Primary Administrator

Can perform all configuration, management, and monitoring tasks, including modifying all other accounts. This account cannot be deleted or disabled.

Administrator 1

Can perform all configuration, management, and monitoring tasks except for running commands in the Drive Enclosure console or running commands using the enclosure_console Oracle FS CLI command.

Administrator 2

Can perform all tasks with the following caveats:
  • Cannot create or manage File Servers and administrator accounts

  • Cannot modify software configurations or hardware configurations

  • Cannot shut down the system

  • Cannot run commands in the Drive Enclosure console or run commands using the enclosure_console Oracle FS CLI command

Monitor

Can display system information only; cannot modify the configuration. Administrators using this role can modify their own account attributes.

Oracle Support

Can perform limited customer service-only functions; cannot modify the configuration. This account cannot be deleted or disabled.
Note: Only the Oracle Customer Support personnel can use this account.

Support

Can perform only those functions that are related to customer service; cannot modify the system configuration.