Oracle® MiniCluster S7-2 Administration Guide

Updated: October 2021

User Roles

When you create an MCMU user, you assign the user one of these roles:

  • Primary Admin (root role) – The root role defines the rights and privileges of primary administrators of the MiniCluster system, including all its compute nodes, networks, database, and storage. Users with the root role can perform all installation and all critical administrative operations without any constraints. As primary administrators, they can delegate operations and approve adding and deleting users, including new primary and secondary administrators. Each user must log in with their own credentials. The mcinstall user has the root role. All actions and operations carried out are logged and audited based on the user identifier, not the role identifier.

  • Secondary Admin (mcadmin role) – Users who are assigned this role have read-only access to the global zones. They cannot run the MCMU BUI or CLI. All actions and operations carried out are logged and audited based on the user identifier, not the role identifier.

  • Tenant Admin (tadmin role) – This role defines the rights and privileges of the administrator of a MiniCluster VM, who is involved with day-to-day administrative operations supporting application installations and deployment. Tenant admins cannot run MCMU, or access the global or kernel zones. All actions are audited based on the user identifier, not the role identifier. A Tenant Admin user can use two-factor authentication to securely log in by entering a password from a mobile device. For instructions, see Enable One-Time Password (OTP) Authentication (BUI).

  • Auditor (auditor role) – Users with this role have access only to the MCMU BUI audit review page, where they can view the audit pool status and generate reports for user activity. Only users with this role can access the audit review page. Auditors cannot access the MCMU (except for the audit page), nor can they log in to kernel zones or VMs.