This section illustrates the use of the XIV GUI to manage users and their roles, as well as the creation and association of user groups for application administrators.
Predefined user Default password Category
admin adminadmin storageadmin
technician technician technician
N/A N/A applicationadmin
N/A N/A readonly
xiv_development N/A xiv_development
xiv_maintenance N/A xiv_maintenance
Important: A user group only applies to users with the application administrator role.
Rules:
A maximum of 32 users can be created.
A maximum of eight user groups can be created.
Adding users with the GUI
The following steps require that you initially log on to the XIV Storage System with storage administrator access rights (storageadmin role). If this is the first time that you access the system, use the predefined user admin (default password adminadmin):
1. Open the XIV GUI and log on as shown in Figure 6-1.
Figure 6-1 GUI Login
2. Users are defined per system. If you manage multiple systems and they have been added to the GUI, select the particular system with which you want to work.
3. In the main Storage Manager GUI window, move the mouse pointer over the padlock icon to display the Access menu. All user access operations can be performed from the Access menu (refer to Figure 6-2). There are three choices:
– Users: Define or change single users
– Users Groups: Define or change user groups, and assign application administrator users to groups
– Access Control: Define or change user groups, and assign application administrator users or user group to hosts
4. Move the mouse over the Users menu item (it is now highlighted in yellow) and click (Figure 6-2).
Figure 6-2 GUI Access menu
5. The Users window is displayed.
If the storage system is accessed for the first time, the window displays the predefined users (refer Figure 6-3 on page 130 for an example). The default columns are Name, Role, Group, E-mail, and Phone.
Figure 6-3 GUI Users management
c. We recommend that you change the default passwords for the predefined users, which can be accomplished by right-clicking the user name and selecting Change Password from the context menu, as illustrated in Figure 6-4. Repeat the operation for each of the four predefined users.
Figure 6-4 GUI change password
6. To add a new user, you can either click the Add icon in the menu bar or right-click the empty space to get the context menu. Both options are visible in Figure 6-5. Click Add
User.
7. The Define User dialog is displayed. A
user
is defined by a unique name and a password (refer to Figure 6-6). The default role (denoted as Category in the dialog panel) isstorageadmin and must be changed. Optionally, enter the e-mail address and phone number for the user. Click Define to define the user and return to the Users window.
Figure 6-6 GUI Define User attributes
8. If you need to test the user that you just defined, click the current user name shown in the upper right corner of the IBM XIV Storage Manager window (Figure 6-7), which allows you to log in as a new user.
Figure 6-7 GUI quick user change
Defining user groups with the GUI
The IBM XIV Storage Subsystem can simplify user management tasks with the capability to create users groups. Users groups only apply to users with application administrator roles. A user group is also associated to one or more application hosts or clusters.
The following steps illustrate how to create users groups, add users (with application administrator role) to the group, and how to define host associations for the group:
1. Be sure to log in as admin (or another user with storage administrator rights). From the Access menu, click Users Groups as shown in Figure 6-8. In our scenario, we create a users group called EXCHANGE CLUSTER 01. As shown in Figure 6-8, the user groups can be accessed from the Access menu (padlock icon).
2. The Users Groups window displays. To add a new user group, either click the Add User Group icon (shown in Figure 6-9) in the menu bar, or right-click in an empty area of the Users Groups table and select Add User Group from the context menu as shown in Figure 6-9.
Figure 6-9 Add User Group
3. The Create User Group dialog displays. Enter a meaningful group name and click OK (refer to Figure 6-10).
Figure 6-10 Enter New User Group Name
4. At this stage, the user group EXCHANGE CLUSTER 01 is still empty. Next, we add a host to the user group. Select Access Control from the Access menu as shown in Figure 6-11. This Access Control window appears.
Figure 6-11 Access Control
5. Right-click the name of the user group that you have created to bring up a context menu and select Updating Access Control as shown in Figure 6-12 on page 133.
Figure 6-12 Updating Access Control for a user group
6. The Access Control Definitions dialog that is shown in Figure 6-13 is displayed. The panel contains the names of all the hosts or clusters defined to the XIV Storage System. The left pane displays the list of Unauthorized Hosts/Clusters for this particular user group and the right pane shows the list of hosts that have already been associated to the user group. You can add or remove hosts from either list by selecting a host and clicking the appropriate arrow. Finally, click Update to save the changes.
Figure 6-13 Access Control Definitions panel
7. After a host (or multiple hosts) have been associated to a user group, you can add users to the user group (remember that a user must have the application administrator role to be added to a user group). Go to the Users window and right-click the user name to display the context menu. From the context menu (refer to Figure 6-14), select Add to Group to add this user to a group.
8. The Select User Group dialog is displayed. Select the desired group from the pull-down list and click OK (refer to Figure 6-15).
Figure 6-15 Select User Group
9. The user adm_mike02 has been assigned to the user group EXCHANGE CLUSTER 01 in this example. You can verify this assignment in the Users panel as shown in Figure 6-16.
Figure 6-16 View user associated to a user group
10.The user adm_mike02 is an applicationadmin with the Full Access right set to no. This user can now perform snapshots of the EXCHANGE CLUSTER 01 volumes. Because the exchange cluster is the only host in the group, adm_mike02 is only allowed to map those snapshots to the EXCHANGE CLUSTER 01. However, you can add another host, such as a test or backup host, to allow adm_mike02 to map a snapshot volume to a test server.