Role-based security is typically used for administrators who need permissions on multiple entities. To use role-based security, you must create a security association between users or user groups, a role, and entities:
-
User or user group: The CommCell user or external user (for example, an Active Directory user) who is given access.
-
Role: A collection of permissions that defines the level of access granted to a user or a user group. Permissions allow users to perform tasks such as performing backup, restore, and administrative operations (for example, license administration) on entities.
-
Entity: A logical or physical component, for example, a client or a storage policy, that a user can access based on the user's role.
Security associations can be added at the user level, user-group level, or directly on an entity.
Permissions Required to Create Security Associations
To create security associations, you must have a role that includes the following:
Permission |
Entity |
---|---|
The permission for the type of users in the security association:
|
The users, user groups, or domains included in the security association |
Change security settings |
The entities included in the security association |
The same permissions as in the role you use to create the security association |
The entities included in the security association |
Example
If User A wants to create a security association by assigning the Client Admins role to User Z on Client 1, then User A must have the following permissions:
-
Add, delete, and modify a user permission on User Z.
-
Change security settings permission on Client 1.
-
All of the permissions included in the Client Admins role on Client 1.
For more information on permissions, see Security Associations.