About predefined roles in Veritas Operations Manager 5.0

Article:HOWTO77784  |  Created: 2012-08-24  |  Updated: 2012-08-24  |  Article URL http://www.symantec.com/docs/HOWTO77784
Article Type
How To

Product(s)

Subject


About predefined roles in Veritas Operations Manager 5.0

Veritas Operations Manager lets you combine a role and a scope to specify a predefined role. The following table explains the combination of roles and scopes and the resultant predefined roles:

Table: Summary of predefined roles in Veritas Operations Manager

Role and scope

Predefined role

Admin and Domain (Entire Domain)

Domain Admin

Admin and Selected Business Entities

Admin

Operator and Domain (Entire Domain)

Domain Operator

Operator and Selected Business Entities

Operator

Guest

Guest

In the New Security Group panel, you must specify a role and a scope to assign a predefined role to the security group.

Veritas Operations Manager lets you provide the role that you create with the privilege to access the views and reports and perform the operations that are related to out-of-band storage management. To provide the storage administration privileges, you can use the Allow access to storage views and operations check box on the New Security Group wizard panel.

If you do not select the Allow access to storage views and operations check box, the administrators or the operators with the role that you create can only administer the servers. They cannot access the views and reports and perform the operations that are related to out-of-band storage management from the servers that they administer.

Table: Veritas Operations Manager predefined roles table explains the role and the scope that you must select to assign a predefined role to security groups.

Note:

You cannot provide any scope to the Guest role. When you select the Guest role, the panel does not display the Scope options.

Table: Veritas Operations Manager predefined roles

Role and scope

Predefined role

Description

Admin and Domain (Entire Domain)

Domain Admin

A user with the Domain Admin role has complete access to the system and can do the following:

  • Access all managed hosts that are added to Management Server.

  • Access the views and reports and perform the operations that are related to out-of-band storage management.

  • Manage the business entities.

  • Manage the authentication brokers .

  • Manage the security groups.

  • Create the users with the Admin role.

  • Access all Veritas Operations Manager Add-ons.

  • Deploy the packages and patches.

  • Manage all the hosts.

  • Perform all the configurations and the operations on all the VCS cluster.

Note:

Only the users with the Domain Admin role can create business entities, create security groups, and add hosts to the domain.

Admin and Selected Business Entities

Admin

A user with the Admin role has restricted access to the managed hosts that are added to Management server. The Admin role is mapped to a security group with one or more business entities.

An Admin can do the following:

  • Access all objects in a business entity that is associated with the security group to which the Admin role is mapped.

  • Perform all operations on the objects in a business entity that is associated with the security group to which the Admin role is mapped.

  • Perform the configurations and the operations on the VCS cluster if the cluster is added to the business entity as a base object.

  • Perform the configurations and the operations on the service groups and the associated storage objects if the service group is added to the business entity as a base object.

An Admin with the privileges to access the storage views and operations can access the views and reports and perform the operations that are related to out-of-band storage management from the objects in the application group to which the Admin role is mapped.

Operator and Domain (Entire Domain)

Domain Operator

A user with the Domain Operator role can perform all operations on all the VCS clusters. But, this user is not allowed to make any configuration changes to the VCS clusters.

A Domain Operator with the privileges to access the storage views and operations can access the views and reports and perform the operations that are related to out-of-band storage management from the VCS clusters in Veritas Operations Manager.

A Domain Operator is provided with the Guest role on the Storage Foundation objects.

Operator and Selected Business Entities

Operator

A user with the Operator role can do the following:

  • Clear the service groups.

  • Make service groups and storage resources online or offline.

  • Temporarily freeze or unfreeze service groups.

  • Switch the service groups.

  • Autoenable the service groups.

  • Display information on application heartbeat for a service group.

  • Bring the resources online or take them offline.

  • Run an action on the resources.

  • Refresh the information on the resources.

  • Flush the service groups.

  • Flush the resources.

The operator can perform these tasks based on the clusters or service groups that are added to the business entities as base objects.

An Operator with the privileges to access the storage views and operations can access the views and reports and perform the operations that are related to out-of-band storage management from the VCS clusters in the application group to which the Operator role is mapped.

An Operator is provided with the Guest role on the Storage Foundation objects.

Guest

Guest

The users with the Guest role have read-only access. They cannot perform any tasks in Veritas Operations Manager.

See About the security model for Veritas Operations Manager 5.0


Legacy ID



v32594154_v71172234


Article URL http://www.symantec.com/docs/HOWTO77784


Terms of use for this information are found in Legal Notices