Active Directory Groups

To use the Active Directory, Active Directory group names must be associated with array user roles. Each Active Directory group can have only one of the following roles assigned to it:

  • Administrator
  • PowerUser
  • Operator
  • Guest

If the user belongs to a group that is not associated with any role or if the group is disabled, the user will not be able to login to the array.

If a user belongs to multiple Active Directory groups which have different roles, each time the user executes a CLI command, the group-role mapping with the most restrictive role (the role with the least privileges) is used.

When an administrator makes a change to the group-based RBAC rules, users who are logging in will use the updated roles. For users who are already logged in, they will receive the new privileges for any subsequent operation.