Installation Manual
Managing Security352
Roles Used to Restrict Access
Roles also restrict access to element properties, element records, and Provisioning Manager, as
shown in Table 26 on page 351.
Options for Restricting a Role
In addition, you can assign one of the following options within a role to further allow or restrict
access for a specific element:
• Full Control — Lets you view and modify the record for the element on the Asset Management
tab, and perform provisioning if applicable.
• Element Control — Lets you view and modify the record for the element on the Asset
Management tab. You cannot perform provisioning.
• View — Lets you only view element properties.
For example, if users belong to a role that only lets them view the element properties on storage
systems, those users would not be allowed to perform provisioning on storage systems because
their role does not have the Full Control option selected for storage systems. That same role could
also have the Full Control option selected for switches, allowing the user to perform provisioning for
switches. Thus, the user would not be able to provision storage systems, but would be able to
provision switches.
You can modify roles and/or create new ones. For example, you can modify the Help Desk role so
that the users assigned to this role can also view Reporter and modify servers.
Table 26 Default Role Privileges by Elements
Role Element
Application Host Switch Storage
System
Tape
Library
Others
CIO View View View View View View
Domain
Administrator
Full Control Full
Control
Full
Control
Full Control Full
Control
Full
Control
Storage
Administrator
View View Full
Control
Full Control Full
Control
Full
Control
Server
Administrator
View Full
Control
View View View View
Application
Administrator
Full Control View View View View View
Help Desk View View View View View View
SIMViewOnly View View View View View View