
InfiniBox user management

InfiniBox features role-based access control either natively or using LDAP-based authentication.

  • Role-based access control – InfiniBox provides predefined roles, each with preset access to GUI and CLI commands and tasks
  • Access authentication – InfiniBox supports the following methods for authenticating users:
    • Local users – InfiniBox authenticates users against a local database.
    • LDAP users – InfiniBox authenticates users against the organization’s LDAP repository

User roles

User roles are preset in InfiniBox, so when users are assigned to a specific user role, their access level is predictable.

Read-only

A read-only user can query for information only. The query permissions are sufficient for carrying out monitoring tasks, viewing the system health, events, capacity utilization, etc. The read-only user cannot, however, make any changes to the system. 

Admin

The admin (system administrator) has permission for all InfiniBox functionality, including creating services, provisioning pools and datasets, and creating other users. For creating other users, see below.

Pool admin

The pool admin has admin rights for a specific pool (or pools). Within this pool (or pools), the pool admin can provision datasets, map them to hosts and take snapshots.

The pool admin has read-only permissions outside its pool (or pools).

The InfiniBox admin can create pool admin users and assign them to pools, in order to carry out designated provisioning tasks. However, only the InfiniBox admin can create and delete pool admin users. The pool admin does not have such permissions.

Technician

The technician role is assigned to INFINIDAT technicians who carry out maintenance tasks on the customer premises.

The technician role has permissions that are identical to those of the read-only user, with additional access to hardware CLI commands. Thus, a technician who visits the customer premises and logs into an InfiniBox system can replace a faulty drive, but cannot affect any other InfiniBox system setting or functionality.

The status of the InfiniBox system physical components is visible to all user roles (admin, pool admin, read-only). However, only the technician has access to commands that are required for hardware maintenance (for example, the deactivation of a faulty drive and the activation of the new drive that replaces the faulty drive).

Setting user names and passwords

  • Both user names and passwords are case-sensitive
  • New user names have to conform to the following guidelines:
    • Maximum of 65 Latin characters, numbers, spaces, and the following symbols: "^&'@()[]$=!-#{}%.+~_" (excluding quotation marks).
    • Leading and trailing whitespace characters are stripped.
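
A pre-check for the user-name guidelines above, as an added example (not InfiniBox code). It assumes "Latin characters" means the ASCII letters and that an empty name is unusable; the function names are hypothetical. Because names are case-sensitive, it also reports names that differ only by case, which are separate accounts that are easy to confuse in an access review.

```python
import string

# Symbols allowed by the guideline above, copied from the page.
ALLOWED_SYMBOLS = "^&'@()[]$=!-#{}%.+~_"
# Assumption: "Latin characters" means the ASCII letters A-Z and a-z.
ALLOWED_CHARS = set(string.ascii_letters + string.digits + " " + ALLOWED_SYMBOLS)
MAX_LENGTH = 65


def normalize_user_name(raw):
    """Strip leading and trailing whitespace, as the guideline describes."""
    return raw.strip()


def check_user_name(raw):
    """Return (normalized_name, problems) for a proposed user name."""
    name = normalize_user_name(raw)
    problems = []
    if not name:
        # Assumption: the page gives no minimum length; empty is treated as unusable.
        problems.append("empty after stripping whitespace")
    if len(name) > MAX_LENGTH:
        problems.append(f"{len(name)} characters, maximum is {MAX_LENGTH}")
    bad = sorted({c for c in name if c not in ALLOWED_CHARS})
    if bad:
        # repr() makes look-alike or invisible characters visible in the report.
        problems.append("disallowed characters: " + ", ".join(repr(c) for c in bad))
    return name, problems


def find_case_collisions(names):
    """Group valid names that differ only by case (distinct, case-sensitive accounts)."""
    groups = {}
    for raw in names:
        name, problems = check_user_name(raw)
        if not problems:
            groups.setdefault(name.lower(), set()).add(name)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    # Constructed sample input; "\u0430dmin" starts with a Cyrillic look-alike of "a".
    candidates = ["  backup_admin ", "Backup_Admin", "ops@site-1",
                  "\u0430dmin", "x" * 66, "tab\tname"]
    for candidate in candidates:
        print(repr(candidate), "->", check_user_name(candidate))
    print("case-only collisions:", find_case_collisions(candidates))
```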

User groups

The user group maps an LDAP group of users to an InfiniBox user role. A user group can have only one user role, so any user that belongs to a specific LDAP group can have only this specific InfiniBox role. 

Authenticating users

InfiniBox offers both local and default user authentication methods.

Local users

InfiniBox authenticates the user by comparing the submitted user name and password to the user credentials that are stored on InfiniBox. Because the user is assigned to a role, the logged-in user has predictable access rights.

LDAP users

This method of authentication requires connecting InfiniBox to the customer’s LDAP. A user who belongs to an LDAP group that is defined as an InfiniBox user group can log into InfiniBox and is assigned the user role that is assigned to that LDAP group.

 

Accessing the user list

  • From InfiniShell - Type: user.query (see further along this chapter)
  • From the GUI - 
    1. Click the Settings icon on the GUI toolbar.
    2. Click the Users tab. The users list is displayed on screen.
       