Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.x ... » Oracle^® ZFS Storage Appliance ... » Configuring the Appliance » Configuring Users » Understanding Users and Roles

Updated: November 2018

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Document Information

About Oracle ZFS Storage Appliance

Configuring the Appliance

Initial Appliance Configuration

Appliance Cluster Configuration

Cluster Configuration BUI View

Upgrading a Standalone Appliance to a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (CLI)

Cluster Terminology

Understanding Clustering

Cluster Advantages and Disadvantages

Cluster Interconnect I/O

Cluster Resource Management

Cluster Takeover and Failback

Configuration Changes in a Clustered Environment

Clustering Considerations for Storage

Clustering Considerations for Networking

Private Local IP Interfaces

Clustering Considerations for InfiniBand

Preventing Split-Brain Conditions

Estimating and Reducing Takeover Impact

Network Configuration

Network Configuration (BUI)

Network Configuration (CLI)

Working with Network Configuration

Configuring Management Interfaces

Configuring Network Datalinks

Configuring Network Interfaces

Configuring Network IP MultiPathing (IPMP)

Configuring Network Performance and Availability

Configuring Network Routing

Configuring Storage

Creating a Storage Pool (BUI)

Creating a Storage Pool (CLI)

Importing an Existing Storage Pool (BUI)

Importing an Existing Storage Pool (CLI)

Configuring an All-Flash Storage Pool (BUI)

Configuring an All-Flash Storage Pool (CLI)

Adding a Disk Shelf to an Existing Storage Pool (BUI)

Adding a Disk Shelf to an Existing Storage Pool (CLI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (BUI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (CLI)

Removing a Cache or Log Device from an Existing Storage Pool (BUI)

Removing a Cache or Log Device from an Existing Storage Pool (CLI)

Unconfiguring a Storage Pool (BUI)

Unconfiguring a Storage Pool (CLI)

Renaming a Storage Pool (BUI)

Renaming a Storage Pool (CLI)

Scrubbing a Storage Pool (BUI)

Scrubbing a Storage Pool (CLI)

Viewing Pool and Device Status (BUI)

Storage Pool Concepts

Data Profiles for Storage Pools

Understanding the Appliance Status

Status Dashboard

Summary of Pool Usage

Summary of Memory Usage

Disk Activity Dashboard

Running the Dashboard Continuously

Status Dashboard Settings

Changing the Displayed Activity Statistics

Changing the Activity Thresholds

Configuring Storage Area Network (SAN)

Configuring FC Port Modes (BUI)

Discovering FC Ports (BUI)

Creating FC Initiator Groups (BUI)

Associating a LUN with an FC Initiator Group (BUI)

Changing FC Port Modes (CLI)

Discovering FC Ports (CLI)

Creating FC Initiator Groups (CLI)

Associating a LUN with an FC Initiator Group (CLI)

Scripting Aliases for Initiators and Initiator Groups (CLI)

Creating an Analytics Worksheet (BUI)

Configuring SAN iSER Targets

Adding an iSCSI Target with an Auto-generated IQN (CLI)

Adding an iSCSI Target with a Specific IQN and RADIUS Authentication (CLI)

Adding an iSCSI Initiator with CHAP Authentication (CLI)

Adding an iSCSI Target Group (CLI)

Adding an iSCSI Initiator Group (CLI)

Configuring SRP Target (BUI)

Configuring SRP Targets (CLI)

Understanding SAN

SAN Fibre Channel Configuration

SAN iSCSI Configuration

SAN iSCSI Initiator Configuration

SAN SRP Configuration

SAN Terminology

Configuring Users

Adding an Administrator or User (BUI)

Adding an Administrator or User (CLI)

Changing a User Password (BUI)

Changing a User Password (CLI)

Editing Exceptions for a User (BUI)

Editing Exceptions for a User (CLI)

Deleting Exceptions for a User (BUI)

Deleting Exceptions for a User (CLI)

Adding a Role (BUI)

Adding a Role (CLI)

Editing Authorizations for a Role (BUI)

Editing Authorizations for a Role (CLI)

Deleting Authorizations from a Role (BUI)

Deleting Authorizations from a Role (CLI)

Adding a User Who Can View the Dashboard

Viewing the Logged-in User

Understanding Users and Roles

User Authorizations

Managing User Properties

Setting Appliance Preferences

Setting Preferences (BUI)

Setting Preferences (CLI)

Setting SSH Public Keys (BUI)

Setting SSH Public Keys (CLI)

Preference Properties

Configuring Alerts

Adding an Alert Action (BUI)

Adding an Alert Action (CLI)

Sending Email Alerts (CLI)

Sending an SNMP Trap (CLI)

Alert Categories

Threshold Alerts

Resuming/Suspending Analytics Datasets and Worksheets

Configuring Certificates

Creating a New Server Certificate (BUI)

Creating a New Server Certificate (CLI)

Uploading CA Certificates from Non-root CAs (BUI)

Uploading CA Certificates from Non-root CAs (CLI)

Viewing CSR and Certificate Details (BUI)

Viewing CSR and Certificate Details (CLI)

Destroying a CSR or Certificate (BUI)

Destroying a CSR or Certificate (CLI)

Setting the Appliance Certificate (BUI)

Setting the Appliance Certificate (CLI)

Uploading Trusted Certificates (BUI)

Uploading Trusted Certificates (CLI)

Viewing Trusted Certificate Details (BUI)

Viewing Trusted Certificate Details (CLI)

Destroying a Trusted Certificate (BUI)

Destroying a Trusted Certificate (CLI)

Assigning a Certificate to a Service (BUI)

Assigning a Certificate to a Service (CLI)

HTTP Strict Transport Security

Enabling HTTP Strict Transport Security (BUI)

Enabling HTTP Strict Transport Security (CLI)

Configuring SSL/TLS Versions and Ciphers

Configuring SSL/TLS (BUI)

Configuring SSL/TLS (CLI)

Appliance Services

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Understanding Users and Roles

A user can be one of the following types:

Administrator User Type	Non-Administrator User Type
Local - A locally defined appliance administrator; can be granted privileges by assigning custom roles; can optionally have a UID specified. Although local users are supported for data services, local groups are not supported.	Data-only - A data-only user defined locally for data (SMB, NFS, FTP, etc.) with no administrator access; can optionally have a UID specified.
Directory - An appliance administrator managed by a directory service (NIS or LDAP); can be granted privileges by assigning custom roles.	No-login - A username and UID reserved for identity mapping purposes. This user type is not allowed to log in to the appliance and can optionally have a UID specified.

Local and Directory users are administrator types, and can be granted privileges by assigning custom roles.

A role is a collection of privileges that can be assigned to an administrator user type. Newly created administrator users default to the "basic" role, which enables logging in to the administrative interface, but does not allow changes. All administrator users can read most system configuration parameters, and any role can be edited to add or delete authorizations.

The use of roles is more secure than giving everyone the root password. Roles restrict users to necessary authorizations only, and also attribute their actions to their individual username in the log. For example, you can create administrator and operator roles, with different authorization levels. Staff members can be assigned any role that is suitable for their needs, without assigning unnecessary privileges.

Related Topics

Adding an Administrator or User BUI, CLI
Changing a User Password BUI, CLI
Editing Exceptions for a User BUI, CLI
Deleting Exceptions for a User BUI, CLI
Adding a Role BUI, CLI
Editing Authorizations for a Role BUI, CLI
Deleting Authorizations from a Role BUI, CLI
Adding a User Who can Only View the Dashboard BUI

Copyright © 2009, 2018, Oracle and/or its affiliates. All rights reserved.