Supported Array Roles
- Administrator: This role allows users to perform all actions.
- PowerUsers: A user can perform most actions. A user cannot perform user management tasks, set inactivity timeouts, or perform array setup.
- Operator. The user can perform most management operations. The user cannot delete or remove data.
- Guest. The user can view information and choose VMware subnets.
If the user belongs to a group that is not associated with any role or if the group is disabled, the user will not be able to log in to the array.
If a user belongs to multiple groups that have
different roles, the group-role mapping that is used depends on whether Active
Directory or LDAP is being used:
- Active Directory: The role with the fewest privileges is used.
- LDAP: The role with the highest privileges is used.
NOTE: You can check a user's role by
running the userauth --test_user command from
the array CLI.
When an array administrator makes a change to the group-based RBAC rules, users who are logging in will use the updated roles. Any users who are already logged in will receive the new privileges for subsequent operations.