You can permit and limit access to administrative areas of your cluster on a per-user basis through roles. OneFS includes several built-in administrator roles with predefined sets of privileges that cannot be modified. You can also create custom roles and assign privileges.

The following list describes what you can and cannot do through roles:

  • You can assign privileges to a role.
  • You can assign privileges to a role as read-only, even if the privilege is read/write by default.
  • You can create custom roles and assign privileges to those roles.
  • You can copy an existing role.
  • You can add any user or group of users, including well-known groups, to a role as long as the users can authenticate to the cluster.
  • You can add a user or group to more than one role.
  • You cannot assign privileges directly to users or groups.

NOTE: When OneFS is first installed, only users with root- or admin-level access can log in and assign users to roles.