Hardware manual

Group Administration Group security
4–3
You can manage accounts locally or remotely:
Locally in the group: If you have relatively few administration accounts, this method is practical. Account authentication occurs within the group. The default administration account, grpadmin, is a local account created automatically when the group is first configured.
See Creating a local administration account on page 4-5.
Remotely on an external server: If you have a large number of administration accounts, you can use an external Remote Authentication Dial-in User Service (RADIUS) server to authenticate and, optionally, manage administration accounts.
Restriction: To delete a RADIUS account, remove it from Active Directory and then delete it from the group.
A group can use both local accounts and RADIUS-authenticated accounts. However, each account name must be unique.
See About administration accounts on a RADIUS authentication server on page 4-7.
Types of administrator accounts
Table 4-4 lists administration account types and their privileges. The first column lists account types and the second column describes them.
Table 4-4: Types of Administrator Accounts
| Account Type | Description |
| --- | --- |
| grpadmin | Can perform all group management tasks, including managing the group, storage pools, members, volumes, and accounts. You set the password for the grpadmin account when you create a group. You cannot delete the grpadmin account. Only the grpadmin account can update member firmware. You cannot rename, delete, or change the account type for the grpadmin account. |
| Group administrator | Can perform the same tasks as the grpadmin account, except cannot update member firmware. |
| Read-only | Can view information about all group objects, but cannot change the group configuration. |
| Pool administrator | Can manage the volumes, members, snapshots, and other objects only in the pool or pools for which the account has authorization. Optionally, pool administrators can view information about all group objects. Pool administrators can assign volumes to volume administrators, provided that the pool administrator has access to the pool containing the volumes, and that the volume administrator has sufficient free quota space. Pool administrators cannot change the resources to which they have access. |