User roles enable you to assign permissions and privileges to users based on their job responsibilities. You can assign full privileges to a user, or you can assign a subset of permissions to view, create, edit, or remove resources managed by the appliance.
|
|
|
![[NOTE: ]](images/note.gif) |
NOTE: If you are using an external authentication directory service such as LDAP in the CloudSystem Console, the role assignment is made to the group, rather than to individual users. However, in the CloudSystem Portal, roles are assigned to users, and groups are not recognized. |
|
|
See the HP CloudSystem 8.0 Release Notes for information and limitations when mapping roles in the CloudSystem Console to the CloudSystem Portal. See the HP CloudSystem 8.0 Administrator Guide for information about unsupported functions. Both documents are available at the Enterprise Information Library.
Appliance and resource management roles
| Role | Type of user | Associated permissions or privileges | Notes | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Full | Infrastructure administrator |
View, create, edit, or remove resources managed by the appliance, including management of the appliance itself through the UI or command line. An Infrastructure administrator can also manage information provided by the appliance in the form of activities, notifications, and logs. |
An Infrastructure administrator (Full role) created in the CloudSystem Console can view and manage all resources in the CloudSystem Console. Using the same username and password, the Infrastructure administrator can log into the CloudSystem Portal in the Admin role, with full access to the Administrator project. See also CloudSystem Portal roles. |
||||||
| Read only | Read only |
View only access |
A Read only user created in the CloudSystem Console can view all resources in the CloudSystem Console but cannot create, edit, or delete resources. A Read only user can log into the CloudSystem Portal if the user is a member or admin of a non-Administrator project. A Read only user is not restricted to Read only privileges in the CloudSystem Portal. This user has either full member or full administrator privileges depending on their user configuration in the CloudSystem Portal . |
||||||
| Specialized | Backup administrator |
|
No backup functions are provided in the CloudSystem Console. Information about backing up and restoring CloudSystem Foundation is provided in a white paper available at Enterprise Information Library. |
CloudSystem Portal roles
| Role | Type of user | Associated permissions or privileges | Notes |
|---|---|---|---|
| Admin | Cloud administrator |
View the Admin tab in the CloudSystem Portal. Administrative users can view usage and manage instances, volumes, flavors, images, projects, users, services, and quotas. For more information, see the HP CloudSystem 8.0 Administrator Guide at the Enterprise Information Library and the OpenStack Admin User Guide at OpenStack Cloud Software. |
A Cloud administrator created in the CloudSystem Portal can view and manage all resources in the CloudSystem Portal. The Cloud administrator can log into the CloudSystem Console only if he or she has a user account in the CloudSystem Console. |
| Member | Cloud user |
View the Project tab in the CloudSystem Portal. Users can view and manage resources in the project to which they are assigned. For more information, see the HP CloudSystem 8.0 Administrator Guide at the Enterprise Information Library and the OpenStack End User Guide at OpenStack Cloud Software. |
A member created in the CloudSystem Portal can view all services available to them in the CloudSystem Portal and can create, edit, and delete resources provided by those services. The actions a member can perform on their cloud are a subset of the actions an administrator can perform. A member user can log into the CloudSystem Console only if the user also has a user account in the CloudSystem Console. |