You are here:

Role-Based Access Control Overview

Role-based access control allows you to set the resources and permissions available to ECX accounts. Through role-based access control you can tailor ECX for individual users, giving them access to the features and providers they need. Once providers are associated with a site, they can be added to a resource pool along with high level ECX features such as Policies, Reports, and screens. Roles are then configured to define the actions that can be performed by the user of the account associated with the resource pool. These parameters are then associated with one or more user accounts, which can be native to ECX or imported as part of an LDAP group.

Note: Users that register providers, such as storage devices, or add resources to ECX, such as jobs or customized reports, will have full access to interact with those providers or resources regardless of role-based access control restrictions. For example, if a user's permission allows them to register NetApp providers, they will also be able to view, edit, and unregister the NetApp providers that they registered, even if the necessary permissions are not assigned to them through role-based access control.

Configure role-based access control in the Access Control Roles icon view on the Configure tab.

Resource Pools - A resource pool defines the resources that will be made available to an account. Every provider added to ECX, such as storage devices and LDAP servers, can be included in a resource pool, along with individual ECX functions and screens. This gives you the ability to finely-tune the experience of a user. For example, a resource pool could include only storage devices associated with a single vendor, with access to only the ECX search and reporting functionality. When the resource pool is associated with a role and an account, the account user will only see the screens associated with search and reporting, and will only have access to the storage devices defined in the resource pool. See Configure Resource Pools.

Roles - Roles define the actions that can be performed on the resources defined in a resource pool. A resource pool defines the providers that will be made available to an account, such as storage devices, and resources, such as ECX functions and screens; a role sets the permissions to interact with the resources defined in the resource pool. For example, if a resource pool is created that includes ECX Backup and Restore jobs, the role will determine how a user can interact with the jobs. Permissions can be set to allow a user to create, view, and run the Backup and Restore jobs defined in a resource pool, but not delete them. Similarly, permissions can be set to create administrator accounts, allowing a user to create and edit other accounts, set up sites and resources, and interact with all of the available ECX features. See Configure Roles.

Accounts - An account associates a resource pool with a role. To enable a user to log on to ECX and use its functions, you must first add the user to ECX as a native user or as part of an imported group of LDAP users, then assign resource pools and roles to the user account. The account will have access to the resources and features defined in the resource pool as well as the permissions to interact with the resources and features defined in the role. See Configure Accounts.