Chapter 6. Users

6.1. Authorization Model
6.2. User Properties
6.2.1. Roles
6.2.2. Permissions
6.3. Users Operations
6.3.1. Adding Users and Groups
6.4. Users Troubleshooting
6.4.1. Managing Event Notifiers
6.4.2. Removing Users
This section describes the users in Red Hat Storage Console, how to set up user roles that control user permission levels, and how to manage users on the Red Hat Storage platform. Red Hat Storage Console relies on directory services for user authentication and information. Currently the supported provider of directory services for use with the Red Hat Storage Console are Identity, Policy, and Audit (IPA).
Users are assigned roles that allow them to perform their tasks as required. The role with the highest level of permissions is the admin role, which allows a user to set up, manage, and optimize all aspects of the Red Hat Storage Console platform. By setting up and configuring roles with permissions to perform actions and create objects, users can be provided with a range of permissions that allow the safe delegation of some administrative tasks to users without granting them complete administrative control.
Red Hat Storage Console provides a rich user interface that allows an administrator to manage their storage infrastructure from a web browser allowing even the most advanced configurations such as network bonding and VLANs to be centrally managed from a graphical console.

Note

Users are not created in Red Hat Storage Console platform, but in the Directory Services domain. Red Hat Storage Console can be configured to use multiple Directory Services domains.

6.1. Authorization Model

Red Hat Storage Console applies authorization controls to each action performed in the system. Authorization is applied based on the combination of the three components in any action:
  • The user performing the action
  • The type of action being performed
  • The object on which the action is being performed
Actions
For an action to be successfully performed, the user must have the appropriate permission for the object being acted upon. Each type of action corresponds to a permission. There are many different permissions in the system, so for simplicity they are grouped together in roles.
Actions

Figure 6.1. Actions


Permissions
Permissions enable users to perform actions on objects, where objects are either individual objects or container objects.
Permissions & Roles

Figure 6.2. Permissions & Roles


Any permissions that apply to a container object also apply to all members of that container.

Important — Actions can impact multiple objects

Some actions are performed on more than one object. For example, copying a template to another storage domain will impact both the template and the destination storage domain. The user performing an action must have appropriate permissions for all objects the action impacts.