Role-based access
The appliance provides default roles to separate responsibilities in an organization. A user role enables access to specific resources managed from the appliance.
Role-based access control enforces permissions to perform operations that are assigned to specific roles. You assign specific roles to system users or processes, which gives them permission to perform certain system operations. Because a user is not assigned permissions directly, but instead acquires them through their role (or roles), individual user rights are managed by assigning the appropriate roles to the user. At initial appliance startup, there is a default administrator account with full access (Infrastructure administrator) privileges. For more information about the actions each role can perform, see Action privileges for user roles.
If you cannot see resource information or perform a resource task, your assigned role does not have the correct privileges. In this case, you should request a different role or an additional role. The Dashboard displays status of the most relevant resources that are associated with assigned user roles. If you are assigned multiple roles, such as Network and Storage roles, the dashboard displays the combination of resources that each role would see on the dashboard.
Local authentication
You can add a user authorized to access all resources managed by the appliance (full access user) or add a user who has access based on their job responsibilities (role-based specialist). For each of these users, authentication is confirmed by comparing the user login information to an authentication directory hosted locally on the appliance.
The default administrator login for the appliance is automatically assigned with full access (Infrastructure administrator) privileges.
Directory-based authentication
You can add a user authorized by membership to access all resources managed by the appliance (full access user) or add a user authorized by membership who has access based on their job responsibilities (role-based specialist). For each of these users, authentication is confirmed by comparing the user login information to an enterprise directory.