< Previous  | TOC | Index | Next  >

User types

Two types of users exist in the Cluster Management Console: management server users (VCSMC users) and cluster users. These user types are distinct. Management server users and cluster users do not share authority even though they may share a privilege name. For example, a management server administrator has the same privilege name as a cluster administrator, but each has authority over a very different set of objects and tasks.

About management server users

Management server users perform management server administration tasks on management server objects. Management server users can have the privilege of administrator or guest. Management server users administer management servers, maintenance windows, users, report jobs, tags, notification, and the database.

When created, management server users are not associated with any specific cluster, but are assigned guest privilege (read-only privilege) on all managed clusters. A management server user can also add and remove clusters from the managed enterprise.

A management server administrator can grant the cluster privileges of administrator, operator, or guest to any management server user, including himself. A management server administrator can also add users, change users' privileges (including his own), and delete users.

Only a management server administrator can configure and run reports, configure notification, administer the database, and assign privileges to both management server and cluster users.

About cluster users

Cluster users perform cluster administration tasks on cluster objects. Cluster users can have the privilege of administrator, operator, or guest. A subgroup of cluster users, called service group users, can have the privilege of administrator or operator. Cluster users administer clusters, service groups, resources, and their associated attributes and dependencies.

Cluster user information is not maintained in the management server database. Cluster user information is kept on the cluster, whether the cluster user was created in the Cluster Management Console or in VCS. If a user attempts to modify a cluster, privilege information for that user is communicated from the cluster to the management server.

The following are true for users of VCS clusters that are configured in secure mode (clusters that are configured to use Symantec Product Authentication Service):

• These users must be explicitly added as management server users in the Cluster Management Console so that they can log in to the console.
• These users retain their original privileges on their original clusters when using the console.
• The management server authenticates these users against a Symantec Product Authentication Service authentication broker.

You can not log in to the management server with VCS user names from VCS clusters that are not configured in secure mode.