
25.4 About user roles, 25.5 Action privileges for user roles, Default roles – HP OneView User Manual

Page 178

25.4 About user roles

User roles enable you to assign permissions and privileges to users based on their job
responsibilities. You can assign full privileges to a user, or you can assign a subset of permissions
to view, create, edit, or remove resources managed by the appliance.

Table 10 User role permissions

| Role | Type of user | Permissions or privileges |
| --- | --- | --- |
| Full | Infrastructure administrator | View, create, edit, or remove resources managed by the appliance, including management of the appliance, through the UI or using REST APIs. An Infrastructure administrator can also manage information provided by the appliance in the form of activities, notifications, and logs. Only an Infrastructure administrator can restore an appliance from a backup file. |
| Read only | Read only | View managed resource information. Cannot add, create, edit, remove, or delete resources. |
| Specialized | Backup administrator | Create and download backup files, view the appliance settings and activities. Has the authority to use scripts to log in to the appliance and run scripts to back up the appliance. Cannot restore the appliance from a backup file. NOTE: This role is specifically intended for scripts using REST APIs to log into the appliance to perform scripted backup creation and download so that you do not expose the Infrastructure administrator credentials for backup operations. HP recommends that users with this role should not initiate interactive login sessions through the HP OneView user interface. |
| | Network administrator | View, create, edit, or remove networks, network sets, connections, interconnects, uplink sets, and firmware bundles. View related activities, logs, and notifications. Cannot manage user accounts. |
| | Server administrator | View, create, edit, or remove server profiles and templates, network sets, enclosures, and firmware bundles. Access the Onboard Administrator and physical servers, and hypervisor registration. View connections, networks, racks, power, and related activities, logs, and notifications. Cannot manage user accounts. Add volumes, but cannot add storage pools or storage systems. |
| | Storage administrator | View, add, edit, or remove storage systems. View, add, or remove storage pools. View, create, edit, add, or delete volumes. View, create, edit, or delete volume templates. |
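
One way to apply Table 10 in an access review, as an added example that is not part of the HP manual: the table is encoded as data and accounts holding a broader role than their tasks need are flagged. The action and resource labels, the account names, and the "fewest permissions is narrowest" ordering are assumptions made for this sketch.

```python
# Table 10 as data; action/resource names are labels for this example, not API identifiers.
FULL, READ_ONLY = "Infrastructure administrator", "Read only"
V, C, E, R, A, D, DL = "view", "create", "edit", "remove", "add", "delete", "download"
def grant(actions, resources):
    return {(a, r) for a in actions for r in resources}

SPECIALIZED = {
    "Backup administrator":
        grant([C, DL], ["backup files"])
        | grant([V], ["appliance settings", "activities"]),
    "Network administrator":
        grant([V, C, E, R], ["networks", "network sets", "connections",
                             "interconnects", "uplink sets", "firmware bundles"])
        | grant([V], ["activities", "logs", "notifications"]),
    "Server administrator":
        grant([V, C, E, R], ["server profiles", "templates", "network sets",
                             "enclosures", "firmware bundles"])
        | grant([V], ["connections", "networks", "racks", "power",
                      "activities", "logs", "notifications"])
        | grant([A], ["volumes"]),
    "Storage administrator":
        grant([V, A, E, R], ["storage systems"])
        | grant([V, A, R], ["storage pools"])
        | grant([V, C, E, A, D], ["volumes"])
        | grant([V, C, E, D], ["volume templates"]),
}

def allowed(role, action, resource):
    if role == FULL:
        return True                 # full privileges, including restore
    if role == READ_ONLY:
        return action == V          # assumption: may view any resource
    return (action, resource) in SPECIALIZED.get(role, set())

def narrowest_roles(needed):
    """Roles covering every needed (action, resource) pair, fewest permissions first."""
    fits = sorted((r for r in SPECIALIZED if all(allowed(r, *n) for n in needed)),
                  key=lambda r: len(SPECIALIZED[r]))
    read_only = [READ_ONLY] if all(a == V for a, _ in needed) else []
    return read_only + fits + [FULL]

def over_privileged(assignments):
    """(account, held role, narrower role) for accounts whose role exceeds their needs."""
    return [(acct, role, best) for acct, (role, needed) in assignments.items()
            if (best := narrowest_roles(needed)[0]) != role
            and all(allowed(role, *n) for n in needed)]
# Constructed sample: account -> (role held, actions the account actually performs).
ASSIGNMENTS = {"svc-backup": (FULL, {(C, "backup files"), (DL, "backup files")}),
               "netops": ("Network administrator", {(E, "uplink sets"), (V, "logs")})}
```

Calling `over_privileged(ASSIGNMENTS)` flags the backup script account that holds Infrastructure administrator, which is the exposure the Backup administrator role is meant to avoid.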

25.5 Action privileges for user roles

The following table lists the user action privileges associated with each user role. The Use privilege
is a special case that allows you to associate objects to objects that you own but you are not
allowed to change. For example, in a logical interconnect group, a user assigned the role of Server
administrator is not allowed to define logical interconnect groups, but can use them when adding
an enclosure.

Managing users and authentication