ADCM role model

A role model is implemented in ADCM. Specific sets of permissions for operations with various ADCM objects can be grouped into roles. The roles are used to create policies to grant roles’s permissions to user groups.

Permission is a basic element of the role model. Role is a set of permissions. Permissions can not be assigned directly to the groups. Permissions can be only added to the roles.

Some permissions are necessary to work with any product via ADCM. Such permissions are always present in ADCM. Other permissions are necessary to work only with a particular product. Those permissions appear in ADCM when a bundle is uploaded.

The role is assigned to a user group via policy. Assignment of multiple roles is not supported. Each user inherits the roles of the group to which they belong.

NOTE

Only the ADCM administrator (= superuser) can assign roles to the users. In particular, only the superuser can grant a superuser role to another user.

Policy is a triad that consists of the following elements:

  1. User group.

  2. Role.

  3. Object, to which the role’s permissions are applied. Object can have one of the following types:

    • Cluster

    • Service

    • Host

    • Provider

While creating a policy, the user is prompted to select one or more objects of the type that corresponds to the chosen user role.

NOTE

A policy is applied to an object as well as to all of its child objects. For example, if a policy is given to a cluster, then that policy also affects all services, components, and hosts of that cluster.

Built-in roles

ADCM comes with a few built-in roles. Changing the permissions of built-in roles is prohibited.

Built-in ADCM roles
Role name Description Object type

ADCM User

View-only role that provides ability to view all objects information

None

ADCM Auditor

View-only role that provides ability to view audit results

None

Service Administrator

Role provides ability to configure and control the life cycle of the relevant service

Service

Cluster Administrator

Role provides ability to configure and control the relevant cluster, its hosts, and its services

Cluster

Provider Administrator

Role gives full control over the relevant hostprovider and its hosts

Provider

ADCM Administrator

Role gives full control over all aspects of ADCM

None

Permissions and roles

In addition to the built-in roles, ADCM administrator can create custom roles with permissions. Available permissions and their relations to the built-in roles are listed in the table below.

Permissions and roles
Permission name Description ADCM User Service Administrator Provider Administrator Cluster Administrator ADCM Administrator ADCM Auditor

View any object configurations

Ability to view any object configurations

+

+

View cluster configurations

The ability to view cluster configurations

+

+

View service configurations

Ability to view service configurations

+

+

+

View component configurations

Ability to view component configurations

+

+

+

View provider configurations

Ability to view hostprovider configurations

+

+

View host configurations

Ability to view host configurations

+

+

+

+

Edit cluster configurations

Ability to edit cluster configurations

+

+

Edit service configurations

Ability to edit service configurations

+

+

+

Edit component configurations

Ability to edit component configurations

+

+

+

Edit provider configurations

Ability to edit hostprovider configurations

+

+

Edit host configurations

Ability to edit host configurations

+

+

+

View any object imports

Ability to view imports of all objects

+

+

View imports

Ability to view imports of a chosen object

+

+

+

Manage Imports

Ability to manage imports

+

+

+

View any cluster host-components

Ability to view any cluster hosts and components mappings

+

+

View Host-Components

Ability to view hosts and components mapping

+

+

+

Manage Host-Components

Ability to change hosts and components mapping

+

+

Add service

The ability to add services to cluster

+

+

Remove hosts

Ability to remove hosts (in the Hosts section)

+

+

Add hosts to the cluster

Ability to add hosts to the cluster

+

+

Remove hosts from the cluster

Ability to remove hosts from the cluster

+

+

Upgrade cluster bundle

Ability to upgrade the cluster bundle

+

+

Upgrade provider bundle

Ability to upgrade the hostprovider bundle

+

+

Create hostprovider

Ability to create hostproviders

+

Create host

Ability to create hosts

+

+

+

Remove hostprovider

Ability to remove hostproviders

+

Create cluster

Ability to create clusters

+

Remove cluster

Ability to remove clusters

+

Upload bundle

Ability to upload bundles

+

+

+

Remove bundle

The ability to remove bundles

+

+

+

View audit operations

Ability to view results of operation audit

+

+

+

+

+

+

View audit logins

Ability to view results of login audit

+

+

+

+

+

+

View ADCM settings

Ability to view settings

+

Edit ADCM settings

Ability to edit settings

+

View users

Ability to view users

+

+

Add new user

Ability to create users

+

Delete user

Ability to remove users

+

Update user

Ability to update users

+

View roles

Ability to view roles

+

+

Add new role

Ability to create roles

+

Delete role

Ability to remove roles (only for custom roles)

+

Update role

Ability to update roles (only for custom roles)

+

View groups

Ability to view groups

+

+

Add new group

Ability to create groups

+

Delete group

Ability to remove groups

+

Update group

Ability to update groups

+

View policies

Ability to view policies

+

Add new policy

Ability to create policies

+

Delete policy

Ability to remove policies

+

Update policy

Ability to update policies

+

Cluster Action: <Action name>

Ability to perform the <Action name> action

+

+

Host Action: <Action name>

Ability to perform the <Action name> action

+

+

+

Service Action: <Action name>

Ability to perform the <Action name> action

+

+

+

Component Action: <Action name>

Ability to perform the <Action name> action

+

+

+

Provider Action: <Action name>

Ability to perform the <Action name> action

+

+

Found a mistake? Seleсt text and press Ctrl+Enter to report it