Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes

Local domain roles

When native authentication is used, all roles except Security are defined in a nested manner. Each role is authorized to perform operations related to its definition, in addition to the commands permitted by lower-level roles.

1. Superuser: Can perform all operations, configuration tasks, and upgrades. There can only be one Superuser, who is always a local user.
2. Security: Can define administrators and control LDAP. The Security user is not part of the hierarchical model and has a set of commands that only a Security (or Superuser) can perform.
3. Administrator: Can perform all Configure operations and also define the Configure- and Monitor-level users. Can perform upgrades.
4. Configure: Does not exist as a default option, but can be configured from FrontendConfigure or BackendConfigure. Can perform upgrades.
5. FrontendConfigure: Can perform Monitor operations and frontend-related configurations that include volume manipulations (adding, deleting, and mapping volumes and snapshots) and SDC operations (adding and deleting SDCs).
6. BackendConfigure: Can perform monitoring operations, upgrades, and backend-related configurations. Operations include:
   • Protection Domain and Storage Pool operations
   • Manipulating Fault Sets and SDS
   • Configuring SDS devices
   • Configuring replication
7. Monitor: Can only perform monitoring operations that do not affect the system.