This section explains how Role-Based Access Control (RBAC) for users and groups works in Qumulo Core, explains the role types, and shows how to manage them by using the Qumulo Core Web UI.

To share management responsibilities with others, you can grant specific privileges to a user or group—locally or through Active Directory—by using RBAC.

Qumulo Core Role Types

This section explains the Administrators, Data-Administrators, Observers, and Custom role types in Qumulo Core.

Administrators

This role is suitable for system administrators. Users with this role have full access to, and control of, the cluster, including:

  • Configuration and management of general cluster settings for audit logging, snapshots, replication, quotas, and so on by using the Qumulo Core Web UI, REST API, or qq CLI
  • Creation of files and directories in any current and future directories
  • Reading of any files and file attributes and listing of any directories in any current and future directories
  • Deletion or renaming of any files and directories in any current and future directories
  • Changing of ownership and permissions for any files and directories in any current and future directories

Data-Administrators

This role is suitable for Qumulo Core REST API and qq CLI users who don’t have access to the Qumulo Core Web UI but have the same file privileges as those of the Administrators role, including:

  • Read and write permissions for all NFS, SMB, quota, and snapshot APIs
  • Read-only permissions for local API users
  • Access to analytics and file system

Observers

This role is suitable for users or groups who can access the Qumulo Core Web UI and read-only APIs (with the exception of debug APIs and authentication settings).

Custom

For information about managing RBAC and creating custom roles by using the qq CLI, see the following sections in the Qumulo qq CLI Command Guide:

Managing Roles by Using the Qumulo Core Web UI

This section explains how to add a member to, and remove a member from, an existing Qumulo Core role and how to create and edit a custom role.

To Add a Member to an Existing Qumulo Core Role

  1. Log in to the Qumulo Core Web UI.

  2. Click Cluster > Role Management.

  3. On the Role Management page, next to the role to assign, click Add Member.

  4. In the Add Member to <Role Type> dialog box, enter the Trustee and then click Yes, Add Member.

  5. Click Yes, Assign Role.

To Remove a Member from an Existing Qumulo Core Role

  1. Log in to the Qumulo Core Web UI.

  2. Click Cluster > Role Management.

  3. On the Role Management page, next to the user or group to remove from a role, click Delete .

To Create a Custom Qumulo Core Role

  1. Log in to the Qumulo Core Web UI.

  2. Click Cluster > Role Management.

  3. On the Role Management page, on the the upper-right side, click Create Role.

  4. On the Create Role page, do the following:

    1. Enter a Name and Description.

    2. Select the privileges to add to the role and click Save.

To Edit a Custom Qumulo Core Role

  1. Log in to the Qumulo Core Web UI.

  2. Click Cluster > Role Management.

  3. On the Cluster Management page, next to the role to edit, click Edit .

  4. On the Edit <Role Name> page, select the privileges to include in the role and click Save.