Use the mkusergrp command to create a new user group.
Syntax
Parameters
-namegroup_name
(Required) Specifies the unique user group name. The group name cannot start or end
with a blank. The group name must consist of a string of 1 - 64 ASCII characters, except
for the following characters: %:",*' .
-rolerole_id | name
(Required) Specifies the role (by ID or name) to be associated with all users that
belong to this user group. One of the following roles must be selected:
Monitor
CopyOperator
Service
FlashCopyAdmin
Administrator
SecurityAdmin
VasaProvider
RestrictedAdmin
3SiteAdmin
The role SecurityAdmin cannot be set
for an owned user group.
-remoteyes | no
(Optional) Specifies if this user group should be used to set the role of remote
users. The default value is no.
-ownershipgroupowner_id | owner_name
(Optional) The name or ID of the ownership group to which the object is being
added.
Description
The
mkusergrp command creates a new user group to organize users of the Storwize® V7000 clustered
system by role. Use the lsusergrp command to view a list of user groups
that have been created on the clustered system.
You must have the security
administrator role (SecurityAdmin role name) to create, delete,
or change a user group.
Each user group has one role that determines the role of users
that belong to that group. Use the role parameter to specify one of the
following roles for the user group:
Monitor
Additionally, you can issue any information display command and the following
commands:
finderr
dumperrlog
dumpinternallog
chcurrentuser
ping
svcconfig backup
CopyOperator
You can issue the following commands:
prestartfcconsistgrp
startfcconsistgrp
stopfcconsistgrp
chfcconsistgrp
prestartfcmap
startfcmap
stopfcmap
chfcmap
startrcconsistgrp
stoprcconsistgrp
switchrcconsistgrp
chrcconsistgrp
startrcrelationship
stoprcrelationship
switchrcrelationship
chrcrelationship
chpartnership
In addition, you can issue all of the commands that are allowed by the
Monitor role.
FlashCopy Admin
You can issue the following commands:
backupvolumegroup
backupvolume
chcurrentuser
chfcconsistgrp
chfcmap
chvolumegroup
dumperrlog
dumpinternallog
finderr
logerror
lscurrentssh
mkfcconsistgrp
mkfcmap
mkvdiskhostmap
mkvolumegroup
prestartfcconsistgrp
prestartfcmap
restorevolume
rmfcconsistgrp
rmfcmap
rmvdiskhostmap
rmvolumebackupgeneration
rmvolumegroup
startfcconsistgrp
startfcmap
stopfcconsistgrp
stopfcmap
Service
You can issue the following commands:
applysoftware
setlocale
addnode
rmnode
cherrstate
writesernum
detectmdisk
includemdisk
clearerrlog
cleardumps
settimezone
stopsystem
startstats
stopstats
settime
In addition, you can issue all of the commands that are allowed by the
Monitor role.
Administrator
You can issue any command other than:
chauthservice
mkuser
rmuser
chuser
mkusergrp
rmusergrp
chusergrp
setpwdreset
VASAProvider
The system uses this role to implement the VMware Virtual Volumes function. It
provides a group with users that can be used by that software. You can issue any
command other than:
chauthservice
chldap
chldapserver
chsecurity
chuser
chusergrp
mkldapserver
mkuser
mkusergrp
rmldapserver
rmuser
rmusergrp
setpwdreset
SecurityAdmin
You can issue all commands except for sainfo and
satask commands. These commands can only be issued by user
superuser.
3SiteAdmin
A user in a group with this role is required for the use of the 3-site orchestrator
function. For more information on the 3-site orchestrator function, refer to the
documentation.
The command returns the ID of the created user group.
