You can manage users and groups in local providers on the VAST cluster, without the need to connect an external authentication and authorization provider, such as Active Directory or LDAP. You can create multiple local providers and associate each provider with one or more tenants. Local providers are useful for:
Adding users when you do not have an external provider configured.
Adding POSIX attributes for a user who is defined on Active Directory without POSIX attributes. In this case, use the same user name as is used on Active Directory so that the user database will associate these attributes to the same user.
Adding users to manually override incorrect or outdated POSIX attributes on external providers.
In case of any conflict between user POSIX attributes on any external authorization provider and the local provider, the local provider attributes override the external provider. For more details, see Overview of User Management and Authorization.
Creating a Local User in VAST Web UI
From the left navigation menu, choose User Management and then Local Users.
In the Local Users tab, click Create Local User and complete the following fields:
Name (required)
The user name.
UID
The user's POSIX UID.
Leading group
The name of the user's leading group.
This is the group assigned by default as the owning group of any files created by the user.
Select the group from the dropdown. If the group has not been added to the local provider, add the group first.
Groups
Names of other groups that the user belongs to beside the leading group. Also known as auxiliary groups.
Select groups from the dropdown. If a group has not been added to the local provider, add the group first.
Select tenant to see user details
Select a tenant from the list. Tenants associated with the selected local provider (if any) are shown, as well as the default tenant.
Temporary password and Generate Password
Enter a temporary password for the user, or click Generate Password to have it generated.
The password is needed if the local user is required to login to VMS. The password can be any string matching the password requirements set in VMS settings. The user will be required to change the password when they first login using it. .
Allow Create Bucket
Enable this setting to give the user permission to create S3 buckets. The setting will apply to the user for the selected Tenant (it could be set differently for the same user in a different tenant).
Disabled by default.
Allow Delete Bucket
Enable this setting to give the user permission to delete S3 buckets. The setting will apply to the user for the selected Tenant (it could be set differently for the same user in a different tenant).
Disabled by default.
Identity Policies
Optionally, select one or more S3 identity policies to assign to the user. If needed, click Add Identity Policy to create a policy first. The list of policies shown are for the selected tenant, if a tenant is associated with the provider.
Click Create. The user is created. Once the user is created, you can update it and add S3 access keys to it. Follow the steps in Modifying a User in VAST Web UI.
Modifying a User in VAST Web UI
From the left navigation menu, select User Management and then Local Users.
In the Local Users page that opens, right-click the user, and select Edit.
In the Update User dialog that opens, make the changes you need and click Update, including adding S3 access keys.
The user is updated with the changes.
Removing a User in VAST Web UI
From the left navigation menu, choose User Management and then Local Users.
In the Local Users page that opens, right-click the user that you want to edit and select Remove.
In the confirmation popup, click Yes to confirm the removal.
The user is deleted from the local provider.