11.3. User Properties

Roles and permissions can be considered properties of the User object. Roles are predefined sets of privileges that can be configured from Red Hat Gluster Storage Console, permitting access to, and management of, different levels of resources in the cluster, down to specific physical and virtual resources. Multilevel administration provides a hierarchy of permissions that can be configured as a finely grained model of permissions, or as a wider level of permissions, as required by your enterprise. For example, a cluster administrator has permissions to manage all servers in the cluster, while a server administrator has system administrator permissions to a single server. One user can have permissions to log in to and use a single server but not make any changes to the server configuration, while another user can be assigned system permissions to a server, effectively acting as system administrator on that server.

11.3.1. Roles

Red Hat Gluster Storage provides a range of pre-configured, or default, roles, from the SuperUser, or system administrator, to an end user with permissions to access a single volume only. There are two types of system administration roles: roles with system permissions to physical resources, such as hosts and storage; and roles with system permissions to virtual resources, such as volumes. While you cannot change the default roles, you can clone them and then customize the new roles as required.

Red Hat Gluster Storage Console has an administrator role. The privileges provided by this role are shown in this section.

Note

The default roles cannot be removed from Red Hat Gluster Storage, and their privileges cannot be modified; however, their names and descriptions can be changed.

Administrator Role

  • Allows access to the Administration Portal for managing servers and volumes.
    For example, if a user has an administrator role on a cluster, they could manage all servers in the cluster using the Administration Portal.

Table 11.1. Red Hat Gluster Storage Console System Administrator Roles

| Role | Privileges | Notes |
|------|------------|-------|
| SuperUser | Full permissions across all objects and levels | Can manage all objects across all clusters. |
| ClusterAdmin | Cluster Administrator | Can use, create, delete, and manage all resources in a specific cluster, including servers and volumes. |
| GlusterAdmin | Gluster Administrator | Can create, delete, configure and manage a specific volume. Can also add or remove host. |
| HostAdmin | Host Administrator | Can configure, manage, and remove a specific host. Can also perform network-related operations on a specific host. |
| NetworkAdmin | Network Administrator | Can configure and manage networks attached to servers. |
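
The scoping in Table 11.1 can be modeled to support an access review: a role granted on an object also applies to the objects beneath it. The following is an added example, not Red Hat Gluster Storage Console code; the object names, the hierarchy, the role-to-object mapping and the function names are assumptions made for illustration.

```python
# Added illustration, not Console code. The hierarchy, object names and the
# role-to-object-kind mapping are assumptions based on Table 11.1.
PARENT = {  # constructed sample objects: child -> parent
    "cluster-a": "system", "cluster-b": "system",
    "server-1": "cluster-a", "server-2": "cluster-a",
    "server-3": "cluster-b", "vol-data": "cluster-a",
}
KIND = {
    "system": "system", "cluster-a": "cluster", "cluster-b": "cluster",
    "server-1": "server", "server-2": "server", "server-3": "server",
    "vol-data": "volume",
}
# Object kinds each role administers (simplified; NetworkAdmin and the
# GlusterAdmin host add/remove privilege are left out).
ROLE_MANAGES = {
    "SuperUser": {"system", "cluster", "server", "volume"},
    "ClusterAdmin": {"cluster", "server", "volume"},
    "GlusterAdmin": {"volume"},
    "HostAdmin": {"server"},
}
ASSIGNMENTS = [  # constructed: (user, role, object the role is granted on)
    ("carol", "SuperUser", "system"),
    ("alice", "ClusterAdmin", "cluster-a"),
    ("bob", "HostAdmin", "server-1"),
]

def scopes(obj):
    """Yield obj, then each object above it, up to the system root."""
    while obj is not None:
        yield obj
        obj = PARENT.get(obj)

def can_manage(user, target, assignments=ASSIGNMENTS):
    """True if a role held on target or on any ancestor covers target's kind."""
    chain = set(scopes(target))
    return any(u == user and obj in chain and KIND[target] in ROLE_MANAGES[role]
               for u, role, obj in assignments)

def reach(user, assignments=ASSIGNMENTS):
    """Every object the user can effectively manage, for an access review."""
    return sorted(o for o in KIND if can_manage(user, o, assignments))

def broad_grants(assignments=ASSIGNMENTS, limit=1):
    """Users whose effective reach exceeds `limit` objects, with the count."""
    users = {u for u, _, _ in assignments}
    counts = {u: len(reach(u, assignments)) for u in users}
    return {u: n for u, n in counts.items() if n > limit}
```

Running `broad_grants()` over an export of real assignments shows which accounts hold wider access than a single-object role would give them.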

11.3.2. Permissions

The following table lists, for each object in the cluster, the actions for which permission may be assigned. This results in a high level of control over actions at multiple levels.

Table 11.2. Permissions Actions on Objects

| Object | Action |
|--------|--------|
| System - Configure RHS-C | Manipulate Users, Manipulate Permissions, Manipulate Roles, Generic Configuration |
| Cluster - Configure Cluster | Create, Delete, Edit Cluster Properties, Edit Network |
| Server - Configure Server | Create, Delete, Edit Host Properties, Manipulate Status, Edit Network |
| Gluster Storage - Configure Gluster Storage | Create, Delete, Edit Volumes, Volume Options, Manipulate Status |