Permissions granted by role

The following tables show the user permissions that each role grants for the System Management Console, Search Console, and Tenant Management Console.

System Management and Search Console permissions

The following table lists the permissions that apply to the System Management Console and Search Console. Checkmarks indicate the permissions granted by each role.

Role
PermissionMonitorAdministratorSecurityServiceComplianceSearch
View user accounts
View group accounts
Create, modify, delete, and manage user accounts
Create, modify, and delete group accounts
Specify message text for the System Management Console and Search Console login pages
Configure support for Active Directory
Clear the Active Directory cache
View and modify the RADIUS server configuration
View the system overview
Stop and restart the system
View the system hardware status
View individual nodes
Stop and restart individual nodes
Eject the CD tray from a node
Remove a node from the HCP system
View storage pools, components, and volumes
Create, modify, retire, and delete storage pools, components, and volumes
View networks
Set global IP mode support for front-end networks
Modify the [hcp_system] and [hcp_backend] networks
Enable creation of user-defined networks
Create, modify, and delete user-defined networks
Enable the [hcp_management] network
Create, modify, and delete tenants
View the tenant list
View individual tenants, including tenant settings
Reset tenant security
View metadata query engine and DDS search facility settings
Modify the metadata query engine and DDS search facility settings
Select a search facility for the Search Console
View service statuses and configurations
Modify service configurations and manage service activity, including configuring and managing data migrations, replication links, and erasure coding topologies
Start, stop, enable, and disable services
View the current service schedule
Create, modify, activate, and delete service schedules
View service plans
Create, modify, retire, and delete service plans
Assign service plans to tenants
Start, stop, enable, and disable services
View network security settings
Modify network security settings
View the current SSL server certificate
Manage SSL server certificates
View and modify System Management Console security settings
View and modify HCP management API security settings
View and modify Search Console security settings
View the systemwide permission mask
Modify the systemwide permission mask
View HCP system log messages about all events except security events
View HCP system log messages about security events
View the syslog configuration
Modify the syslog configuration and test syslog connections
View SNMP settings
Modify SNMP settings and test SNMP connections
View email notification settings
Modify email notification settings and test email server connections
View the Hitachi Device Manager connection configuration
Configure the Hitachi Device Manager connection
Monitor system resource usage
Generate chargeback reports
Add comments to the HCP internal logs
Download the HCP internal logs
Modify the system DNS settings, time settings, serial number, HTTP persistent connection timeout interval, custom thread count for replication, and SNMP broken-link reporting interval
Enable creation of the default tenant and namespace
Make back-end switches known to HCP
Commit an HCP system upgrade
Use the Search Console for the default tenant
Change your own locally authenticated password in the System Management Console
Change your own locally authenticated password in the Search Console
View HCP documentation from the System Management Console
View HCP documentation from the Search Console
Renewing the storage license
Optimize for cloud
Update and create networks
Download the HCP system logs for diagnostics
Add comments to HCP system logs
Configure AD authenticated CIFS support.
View and modify AD domain controller filter
Setting the tenant management and data networks
Upload and download encryption keys
Apply exclusive Hitachi Vantara Support access credentials
View Hitachi Vantara Support access credentials

Tenant Management Console permissions

The following table lists the permissions that apply to the Tenant Management Console. Checkmarks indicate the permissions granted by each role.

Role
PermissionMonitorAdministratorSecurityCompliance
View the user account list (HCP tenants only)
View the full definition of individual user accounts (HCP tenants only)
View the description, allow namespace management property, and data access permissions for individual user accounts (HCP tenants only)
Create, associate roles with, delete, and otherwise manage user accounts, except modifying the allow namespace management property and data access permissions (HCP tenants only)
Modify the allow namespace management property and manage data access permissions for user accounts (HCP tenants only)
View the group account list (HCP tenants only)
View the full definition of individual group accounts (HCP tenants only)
View the description, allow namespace management setting, and data access permissions for individual group accounts (HCP tenants only)
Create, associate roles with, and delete group accounts, (HCP tenants only)
Modify the allow namespace management setting and manage data access permissions for group accounts (HCP tenants only)
Specify message text for the Tenant Management and Search Console login pages (HCP tenants only)
View the tenant overview
Modify the tenant contact information, permission mask, and description
Allow or disallow access to the Tenant Management Console by HCP system-level users (HCP tenants only)
View and modify Tenant Management Console security settings (HCP tenants only)
View and modify HCP management API security settings (HCP tenants only)
View and modify Search Console security settings (HCP tenants only)
View content classes and content properties
Create, modify, and delete content classes and content properties
View namespace associations with content classes
Modify namespace associations with content classes
View tenant log messages about all events except compliance and security events
View tenant log messages about compliance events
View tenant log messages about security events
View syslog and SNMP logging options
Enable or disable syslog and SNMP logging
View email notification settings
Modify email notification settings
Generate chargeback reports (HCP tenants only)
Create and delete namespaces (HCP tenants only)
View the namespace list (HCP tenants only)
View namespace overviews
Modify namespace names and quotas (HCP tenants only)
View namespace permission masks and descriptions
Modify namespace permission masks and descriptions
View namespace owners (HCP namespaces only)
Change namespace owners (HCP namespaces only)
View the tags associated with namespaces (HCP namespaces only)
Modify the tags associated with namespaces (HCP namespaces only)
View namespace default retention settings (HCP namespaces only)
Modify namespace default retention settings (HCP namespaces only)
View namespace default shred settings (HCP namespaces only)
Modify namespace default shred settings (HCP namespaces only)
View namespace default index settings (HCP namespaces only)
Modify namespace default index settings (HCP namespaces only)
View minimum data access permissions (HCP namespaces only)
Modify minimum data access permissions (HCP namespaces only)
View namespace ACL settings (HCP namespaces only)
Manage the use of ACLs in namespaces (HCP namespaces only)
View namespace retention-related settings
Modify namespace retention-related settings
View the custom metadata XML checking setting for namespaces
Modify the custom metadata XML checking setting for namespaces
View namespace object versioning configurations (HCP namespaces only)
Configure object versioning in namespaces (HCP namespaces only)
View namespace compatibility settings
Modify namespace compatibility settings
View namespace disposition settings
Modify namespace disposition settings
View namespace replication-related settings
Modify namespace replication-related settings
View the service plans associated with namespaces
Associate service plans with namespaces
View namespace retention modes
Modify namespace retention modes
View default settings for namespace creation (HCP namespaces only)
Modify default settings for namespace creation (HCP namespaces only)
View the maximum number of namespaces per user (HCP namespaces only)
Modify the maximum number of namespaces per user (HCP namespaces only)
View namespace access protocol configurations
Configure namespace access protocols for namespaces
View search and indexing options for namespaces
Modify search and indexing options for namespaces
Reindex namespaces
Monitor replication
Select namespaces for replication (HCP namespaces only)
View all namespace log messages except messages about compliance events
View namespace log messages about compliance events
View the list of irreparable objects
Acknowledge irreparable objects
Create, modify, and delete retention classes
View the list of retention classes
View individual retention classes
Perform privileged delete operations
Download HCP Data Migrator
Change your own locally authenticated password in the Tenant Management Console
View HCP documentation from the Tenant Management Console
Optimize namespaces for cloud