About user roles in VCS
Prev About the VCS user privilege model Next

About user roles in VCS

User roles in VCS lists the predefined VCS user roles, with a summary of their associated privileges.

 

User roles in VCS

User Role

Privileges

Cluster Administrator 

Cluster Administrators are assigned full privileges, including making configuration read-write, creating and deleting groups, setting group dependencies, adding and deleting systems, and adding, modifying, and deleting users. All group and resource operations are allowed. Users with Cluster Administrator privileges can also change other users' privileges and passwords. 

To stop a cluster, cluster administrators require administrative privileges on the local system.  

Note   Cluster Administrators can change their own and other users' passwords only after changing the configuration to read/write mode.

Cluster Administrators can create and delete resource types. 

Cluster Operator 

Cluster Operators can perform all cluster-, group-, and resource-level operations, including modifying the user's own password and bringing service groups online. 

Note   Cluster Operators can change their own passwords only if configuration is in read/write mode. Cluster Administrators can change the configuration to the read/write mode.

Users with this role can be assigned Group Administrator privileges for specific service groups. 

Group Administrator 

Group Administrators can perform all service group operations on specific groups, such as bringing groups and resources online, taking them offline, and creating or deleting resources. Additionally, users can establish resource dependencies and freeze or unfreeze service groups. Note that Group Administrators cannot create or delete service groups. 

Group Operator 

Group Operators can bring service groups and resources online and take them offline. Users can also temporarily freeze or unfreeze service groups. 

Cluster Guest 

Cluster Guests have read-only access to the cluster, meaning they can view the configuration, but cannot change it. They can modify their own passwords only if the configuration is in read/write mode. They cannot add or update users. Additionally, users with this privilege can be assigned Group Administrator or Group Operator privileges for specific service groups. 

Note   By default, newly created users are assigned Cluster Guest permissions.

Group Guest 

Group Guests have read-only access to the service group, meaning they can view the configuration, but cannot change it. The Group Guest role is available for clusters running in secure mode.  

Prev Up Next
About VCS privilege levels Home About the hierarchy in VCS roles