With Resource Orchestrator, you can restrict the operations that each user can perform and the resources that operations can be performed on. A collection of operations that can be performed is called a "role" and the resource that operations can be performed on is called an "access scope".
By setting a role and access scope for each user, you can restrict their privileges.
Roles are named as follows. For details on the operating privileges for each role, refer to "Table C.1 Operation Scope of Roles" of "C.1 Roles".
Role Type | Role Name |
|---|---|
Basic Roles | supervisor (special administrator) |
L-Server administrative role | lserver_admin (L-Server administrator) |
Infrastructure administrative role | infra_admin (infrastructure administrator) |
Environments shared by a resource administrator and L-Server users can be operated using basic roles.
Basic roles have the following operating privileges:
Role Name | Resource Operations | User Operations |
|---|---|---|
supervisor (special administrator) | All | All users |
admin (administrator) | All | Within a user group |
operator (operator) | Monitoring, power control, and snapshot only | Change one's own information only |
monitor (monitor) | Monitoring only | Change one's own information only |
Operating privileges for L-Server administrative roles are limited to the L-Server only. Use this role if you want to assign a separate administrator for L-Server management, in cases such as a cloud operating system where an L-Server is leased.
The lserver_admin (L-Server administrator) role can perform the following operations and supported commands only:
L-Servers
Resource Folders
The lserver_operator (L-Server operator) and lserver_monitor (L-Server monitor) roles can perform operator and monitor operations for the L-Server only.
Infrastructure administrative roles are prohibited from performing operations on an L-Server that is in use.
Use this role if you want to restrict the privileges of the users that manage the infrastructure to prevent the operation of L-Servers being affected by erroneous operations.
The infra_admin (infrastructure administrator) role can only perform monitoring and "5.6 Moving an L-Server Between Servers (Migration)" of L-Servers, but all operations can be performed for other resources.
The infra_operator (infrastructure operator) role can only perform monitoring for L-Servers and power control for other resources.
