Roles and permissions can be considered properties of the User object. Roles are predefined sets of privileges that can be configured from Red Hat Gluster Storage Console, permitting access to, and management of, resources at different levels of the cluster, down to specific physical and virtual resources. Multilevel administration provides a hierarchy of permissions that can be configured as a finely grained model of permissions, or as a wider level of permissions, as required by your enterprise. For example, a cluster administrator has permissions to manage all servers in the cluster, while a server administrator has system administrator permissions to a single server. A user can have permissions to log in to and use a single server but not make any changes to the server configurations, while another user can be assigned system permissions to a server, effectively acting as system administrator on the server.
Red Hat Gluster Storage provides a range of pre-configured or default roles, from the Superuser or system administration, to an end user with permissions to access a single volume only. There are two types of system administration roles: roles with system permissions to physical resources, such as hosts and storage; and roles with system permissions to virtual resources such as volumes. While you cannot change the default roles, you can clone them, and then customize the new roles as required.
Red Hat Gluster Storage Console has an administrator role. The privileges provided by this role are shown in this section.
The default roles cannot be removed from Red Hat Gluster Storage, and their privileges cannot be modified; however, their names and descriptions can be changed.
The administrator role allows access to the Administration Portal for managing servers and volumes.
For example, if a user has an administrator role on a cluster, they could manage all servers in the cluster using the Administration Portal.
Table 11.1. Red Hat Gluster Storage Console System Administrator Roles
| Role | Privileges | Notes |
| --- | --- | --- |
| SuperUser | Full permissions across all objects and levels | Can manage all objects across all clusters. |
| ClusterAdmin | Cluster Administrator | Can use, create, delete, and manage all resources in a specific cluster, including servers and volumes. |
| GlusterAdmin | Gluster Administrator | Can create, delete, configure, and manage a specific volume. Can also add or remove hosts. |
| HostAdmin | Host Administrator | Can configure, manage, and remove a specific host. Can also perform network-related operations on a specific host. |
| NetworkAdmin | Network Administrator | Can configure and manage networks attached to servers. |
The following table lists, for each object in the cluster, the actions for which permissions may be assigned. This results in a high level of control over actions at multiple levels.
Table 11.2. Permissions Actions on Objects
| Object | Action |
| --- | --- |
| System - Configure RHS-C | Manipulate Users, Manipulate Permissions, Manipulate Roles, Generic Configuration |
| Cluster - Configure Cluster | Create, Delete, Edit Cluster Properties, Edit Network |
| Server - Configure Server | Create, Delete, Edit Host Properties, Manipulate Status, Edit Network |
| Gluster Storage - Configure Gluster Storage | Create, Delete, Edit Volumes, Volume Options, Manipulate Status |