IN THIS ARTICLE
Outlines how to assign the administrators role (RBAC) to users and groups in Qumulo Core
- Cluster running Qumulo Core 2.13.5 and above (2.14.0 and above for Web UI)
- Command line (CLI) tools installed via API & Tools in the Web UI
- Existing Qumulo Administrator privileges required
With Qumulo, full cluster access can be granted to any user or group, local or in Active Directory, of your choosing by using the administrators role option. Assigning this role via the Qumulo Core Web UI or qq command line will grant admin rights so that management responsibilities for the cluster can be shared. As a Qumulo administrator, a user or group will have the privilege to perform the following actions:
- Configure and manage general cluster settings for audit logging, snapshots, replication, quotas, etc. via the Web UI, API, or QQ CLI
- Create files and directories in the current and all future directories
- Read all files and file attributes and list all directories in the current and all future directories
- Delete or rename all files and directories in the current and all future directories
- Change ownership and permissions for all files and directories in the current and all future directories
Manage Administrators via the UI
- Login to the Qumulo Core Web UI.
- Hover over the Cluster menu and click Role Management.
- Click Add Members.
- Assign administrators role using any one of the following trustee inputs:
- Click Yes, Assign Role.
The new user or group will be added to the list of Administrators on the Role Management page. To remove full access and control of the cluster, click the blue trash can icon to unassign the administrators role.
Manage Administrators via QQ CLI
To assign the administrators role, include the credential information for the trustee in the command below:
qq auth_assign_role --role administrator --trustee TRUSTEE
Supported credentials for the trustee include the following:
- Local username
- Active Directory credentials with DOMAIN\name
EXAMPLE: Running the command below would assign the administrators role to the user with UID 1000.
qq auth_assign_role --role administrator --trustee uid:1000
Keep in mind that a newly assigned administrator will need to re-log in or experience a session timeout for the change to take effect.
To unassign the administrators role, include the credential information for the trustee in the command below:
qq auth_unassign_role --role administrator --trustee TRUSTEE
EXAMPLE: The administrators role would be unassigned to the user with UID 1000 using the command below.
qq auth_unassign_role --role administrator --trustee uid:1000
To review the list of users and groups that have full privileges as assigned administrators on your cluster, use the command below:
qq auth_list_role --role administrator
You should now be able to successfully assign the administrators role (RBAC) to users and groups in Qumulo Core
Like what you see? Share this article with your network!