About user roles

User roles enable you to assign permissions and privileges to users based on their job responsibilities. You can assign full privileges to a user, or you can assign a subset of permissions to view, create, edit, or remove resources managed by the appliance.

User role permissions

Role

Type of user

Permissions or privileges

Full Infrastructure administrator

View, create, edit, or remove resources managed or monitored by the appliance, including management of the appliance, through the UI or using REST APIs.

An Infrastructure administrator can also manage information provided by the appliance in the form of activities, notifications, and logs.

Only an Infrastructure administrator can restore an appliance from a backup file.

Read only Read only

View managed or monitored resource information.

Cannot add, create, edit, remove, or delete resources.

Specialized Backup administrator

Create and download backup files, view the appliance settings and activities.

Has the authority to use scripts to log in to the appliance and run scripts to back up the appliance.

Cannot restore the appliance from a backup file.

NOTE:

This role is intended for scripts using REST APIs to log into the appliance to perform scripted backup creation and download so that you do not expose the Infrastructure administrator credentials for backup operations.

Hewlett Packard Enterprise recommends that users with this role should not initiate interactive login sessions through the HPE OneView user interface.

  Network administrator

View, create, edit, or remove networks, network sets, connections, interconnects, uplink sets, and firmware bundles.

View related activities, logs, and notifications.

Cannot manage user accounts.

  Server administrator

View, create, edit, or remove server profiles and templates, network sets, enclosures, and firmware bundles.

Access the Onboard Administrator and physical servers, and hypervisor registration.

View connections, networks, racks, power, and related activities, logs, and notifications.

Add volumes, but cannot add storage pools or storage systems.

Cannot manage user accounts.

  Server firmware operator

View managed or monitored resource information.

Access the physical servers.

Edit, but not create or delete, physical servers.

Edits the server hardware, firmware baseline, firmware installation method, and activation schedule values on server profiles.

  Server profile architect

Create and manage server profiles, server profile templates, storage volumes, labels, and network sets.

Use networks, enclosures, firmware drivers, server hardware, storage pools, and storage volume templates.

  Server profile administrator

Create and manage server profiles, storage volumes, labels, and network sets.

Use networks, enclosures, firmware drivers, server hardware, server profile templates, storage pools, and storage volume templates.

  Server profile operator

Create, delete, and update labels.

Update server hardware, and server profiles

Use networks, network sets, enclosures, firmware drivers, server hardware, server profiles, storage pools, and storage volume templates.

  Scope administrator

Create and delete scopes.

Update scopes, add, and remove scope resources.

Cannot modify any resource other than scopes.

  Scope operator

Update scopes, add, and remove scope resources.

Cannot modify any resource other than scopes.

Cannot create or delete scopes.

  Storage administrator

View, add, edit, or remove storage systems.

View or edit storage pools.

View, create, edit, add, or delete volumes.

View, create, edit, or delete volume templates.

View, add, or edit SAN managers.

View or edit SANs.