Create a local management user or assign a domain user or AD or LDAP group to a management role

You can create a local management user, and you can assign a management role to a local user, a domain user, or an AD or LDAP group. Management users can perform system-level administration (VDC administration) and namespace administration. You can also remove the management role assignment.

Prerequisites

  • This operation requires the System Administrator or Namespace Administrator role in ECS.
  • By default, the ECS root user is assigned the System Administrator role and can perform the initial assignment of a user to the System Administrator role.
  • To assign a domain user or an AD or LDAP group to a management role, the domain users or AD or LDAP group must have been added to ECS through an authentication provider. Adding an authentication provider must be performed by a System Administrator and is described in Add an AD or LDAP authentication provider.
  • To assign the Namespace Administrator role to a management user, you must create a management user using the following procedure and perform the role assignment on the Edit Namespace page in the ECS Portal (see Assign the Namespace Administrator role to a user or AD or LDAP group). The user cannot log in until the Namespace Administrator role is assigned.

Steps

  1. In the ECS Portal, select Manage > Users.
  2. On the User Management page, click the Management Users tab.
  3. Click New Management User.
  4. Click AD/LDAP User or Group or Local User.
    • For a domain user, in the Username field, type the name of the user. The username and password that ECS uses to authenticate a user are held in AD or LDAP, so you do not need to define a password.
    • For an AD or LDAP group, in the Group Name field, type the name of the group. The username and password that ECS uses to authenticate the AD or LDAP group are held in AD or LDAP, so you do not need to define a password.
    • For a local user, in the Name field, type the name of the user and in the Password field, type the password for the user.
    NOTE:  User names can include uppercase letters, lowercase letters, numbers and any of the following characters: ! # $ & ' ( ) * + , - . / : ; = ? @ _ ~
  5. To assign the System Administrator role to the user or AD or LDAP group, in the System Administrator box, click Yes.
    If you select Yes, but later you want to remove System Administrator privileges from the user, you can edit this setting and select No.
  6. To assign the System Monitor role to the user or AD or LDAP group, in the System Monitor box, click Yes.
  7. Click Save.