Administrator Guide

Administrator Privileges
The Administrator privilege level is the most powerful user profile in Storage Manager.
The Administrator role has full access to Storage Manager features. The only exceptions are SupportAssist properties and Data
Collector properties. The Administrator can view and manage these features, but cannot add new properties.
NOTE: Storage Manager privileges for Fluid Cache describe the ability of a user to add Fluid Cache clusters in the Dell
Storage Manager Client. Fluid Cache privilege levels indicate the ability of a user to manage an existing Fluid Cache
cluster. Fluid Cache privilege levels are set when a Fluid Cache cluster is mapped to a user in the Data Collector Manager.
For more information see the Dell Fluid Cache for SAN Cluster Administration chapter.
Related link
Dell Fluid Cache for SAN Cluster Administration
Storage Center User Privileges and User Groups
Authenticating Users with an External Directory Service
The Data Collector can be configured to authenticate Storage Manager users with an Active Directory or OpenLDAP directory
service. If Kerberos authentication is also configured, users can log in with the Client automatically using their Windows session
credentials.
Storage Manager access can be granted to directory service users and groups that belong to the domain to which the Data
Collector is joined. For Active Directory, access can also be granted to users and groups that belong to domains in the same forest,
as well as domains that belong to forests for which one-way or two-way trusts are configured.
Configuring an External Directory Service
Before users can be authenticated with an external directory service, the Data Collector must be configured to use the directory
service.
Configure the Data Collector to Use a Directory Service
Use the Data Collector Manager to configure the Data Collector to use an Active Directory or OpenLDAP directory service.
Prerequisites
An Active Directory or OpenLDAP directory service must be deployed in your network environment.
The directory service must meet specific configuration requirements.
Active Directory: The directory service must be configured to use Kerberos authentication.
OpenLDAP: The directory service must be configured to use LDAP with the StartTLS extension or LDAPS (LDAP over SSL).
If the directory service is OpenLDAP, the SSL certificate public key file (DER or PEM encoding) for the directory server must be
exported and transferred to the server that hosts the Data Collector.
The Data Collector must have network connectivity to the directory service.
DNS SRV records must be correctly configured in your environment to allow the Data Collector to determine how to interact
with the directory service. If SRV records are not defined or are improperly configured, you must configure the directory service
settings manually.
The Data Collector requires a user that has permission to query the directory service. For Active Directory, this user must also
have a User Principal Name attribute (username@example.com) on his or her entry in the directory.
To use Kerberos authentication, you must provide the user name and password for a directory service user who has
Administrator privileges or use an existing service account.
If a directory service is configured and you want to reconfigure the Data Collector to use a directory service in a different domain,
the directory services configuration must be disabled and applied before you continue.
To authenticate Active Directory users that belong to domains in a different forest, a one-way or two-way trust must be
configured between the local forest and remote forest.
Storage Manager User Management