You can manage permissions through roles. Managers can belong to any number of roles. Managers inherit all permissions enabled for any roles they belong to.
VAST Cluster includes several default roles that are created during cluster deployment to cover some specific use cases, such as the read-only or csi role. Do not modify these roles. If you'd like to alter a default role, create a copy of the default role and modify the copy as needed.
Viewing Roles
From the left navigation menu, select Administrators and then Roles.
The following information can be displayed for each role:
Tip
To display or hide fields, click
.png?sv=2022-11-02&spr=https&st=2026-02-09T08%3A38%3A44Z&se=2026-02-09T08%3A50%3A44Z&sr=c&sp=r&sig=Bbhsb5tqHhQlDTPSKEXpHpW16ShCSHrMWPlDgkCncv8%3D)
to the right of a column title, and then click .png?sv=2022-11-02&spr=https&st=2026-02-09T08%3A38%3A44Z&se=2026-02-09T08%3A50%3A44Z&sr=c&sp=r&sig=Bbhsb5tqHhQlDTPSKEXpHpW16ShCSHrMWPlDgkCncv8%3D)
to open a dropdown where you can select or unselect fields. ID
The ID of the role.
Name
The name of the role.
Managers
Names of managers who have this role.
Managers Count
The number of managers who have this role.
LDAP Groups
LDAP groups associated with this role.
Default
Indicates whether this role is default.
To review permissions granted by a role, open the Actions menu for the role and select View.
Adding Roles
From the left navigation menu, select Administrators and then Roles.
Click + Create Roles to open the Add Role dialog.
In the Name field, enter a name for the role .
Select the permissions you want to include in the role.
If you want to associate authentication provider group(s) with the role, enter each group in the format <groupname>@<domain> in the Active Directory/LDAP groups field.
Users who belong to groups that are associated with the role will be able to log into VMS using their LDAP user name and password. They will be authorized based on the role(s) associated with their group.
To enter a group, start typing the initial characters and then select an auto-complete option.
To enter more than one group, enter the first group, then enter a comma and then enter another group. Each group is entered into the field with a removal button (
.png?sv=2022-11-02&spr=https&st=2026-02-09T08%3A38%3A44Z&se=2026-02-09T08%3A50%3A44Z&sr=c&sp=r&sig=Bbhsb5tqHhQlDTPSKEXpHpW16ShCSHrMWPlDgkCncv8%3D)
). You can use the remove button to remove any group.Each group can be any group on any connected LDAP-based provider, including Active Directory. Groups can be associated with multiple roles and vice versa.
When you're done, click Create.
The role is added.
Tip
To assign the role to a manager, update the manager.
Modifying Roles
Whenever you modify a role and change the permission set enabled for the role, you automatically update the inherited permissions of all the managers who have the role.
Do not modify default roles. If you'd like to alter a default role, create a copy of the default role and modify the copy as needed.
From the left navigation menu, select Administrators and then Roles.
Open the Actions menu for the role you want to modify, and select Edit.
Make changes as needed (see Adding Roles).
Click Update.
The role is modified.
Deleting Roles
Caution
Deleting a role can remove permissions from managers who have the role.
From the left navigation menu, select Administrators and then Roles.
Open the Actions menu for the role you want to delete, and then select Remove.
Click Yes to confirm the removal.
The role is deleted.