Managing Group Administration Accounts
To use the Group Manager GUI or CLI, you need to log into a group administration account. Administration accounts prevent unauthorized individuals from accessing a group.
The default administration account, grpadmin, allows you to perform all group operations. It is recommended that you set up a separate account for each administrator to track their activities.
There are three account types, with different permissions:
- Group administrator. This account type has the same permissions as the default grpadmin account to modify any and all aspects of the group and all pools. Only group administrators can create or modify accounts.
- Pool administrator. This account type can perform operations only on the objects (volumes, members, snapshots, and so on) in the pool or pools to which the account has permission. However, pool administrators cannot move objects between pools they manage. Pool administrators can optionally monitor the entire group.
- Read-only account. This type of account cannot modify any objects in the group, but can view group and pool information. Use this account type for administrators who will only monitor group activity.
You can set up administration accounts in two ways: