.. _Managing Acronis Storage Users:

Managing Acronis Storage Users
------------------------------

During the management panel installation on the first node, Acronis Storage creates the default unique administrator account, superadmin. The user name for this account is ``admin`` and the password is specified during installation. This account cannot be deleted and its privileges cannot be changed. Other than that, superadmin does not differ from a user account assigned the **Administrator** role (i.e. an admin).

An admin can create user accounts and assign to them one or more roles listed below:

- **Administrator**. Can fully manage cluster and users.
- **Network**. Can modify network settings and roles.
- **Cluster**. Can create cluster, join nodes to cluster, and manage (assign and release) disks.
- **iSCSI**. Can create and manage iSCSI targets and LUNs.
- **S3**. Can create and manage S3 cluster.
- **Acronis Backup Gateway**. Can create and manage Acronis Backup Gateway.
- **SSH**. Can add and remove SSH keys for cluster nodes access.
- **Updates**. Can install updates.

User accounts to which no roles are assigned are guest accounts. Guests can monitor Acronis Storage performance and parameters but cannot change any settings.

.. note:: All users can change their own passwords (see :ref:`Managing User Accounts`).

.. _Creating User Accounts:

Creating User Accounts
~~~~~~~~~~~~~~~~~~~~~~

To create a user account in the web-based user interface, do the following:

1. Log in to the management panel as admin.

2. Open the **SETTINGS** > **Users** screen and click **ADD USER**.

3. On the **Add user** panel, specify the user name, password, and, if required, a user description in the corresponding fields.

   .. image:: ../../../images/stor_image_1_1.png
      :align: center
      :class: align-center

4. Check the roles to assign to the account and click **Done**.

.. _Managing User Accounts:

Managing User Accounts
~~~~~~~~~~~~~~~~~~~~~~

Any user can change their account password by clicking the user icon in the top right corner of the management panel and then clicking **Change password**.

An admin can create/delete other users' accounts, add/remove roles from them, change their descriptions and passwords (although superadmin's password can only be changed by superadmin), as well as enable/disable user accounts (i.e. allow/prohibit user login). To manage a user account, login as an admin, open the **Settings** -> **Users** screen, select a user from the list, and click **Configure** or **Delete** depending on what you need to do.

.. image:: ../../../images/stor_image_1_2.png
   :align: center
   :class: align-center

.. _Adding LDAP or Active Directory Users:

Adding LDAP or Active Directory Users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can add users and user groups to Acronis Storage from an external LDAP-compliant database or Microsoft Active Directory. These users will be able to log in using their respective user names and passwords. The set of actions these users will be able to perform in Acronis Storage will be defined by the roles you assign in Storage (listed in :ref:`Managing Acronis Storage Users`).

To add an LDAP (or AD) user or group to Acronis Storage, do the following:

#. On the **SETTINGS** > **Advanced settings** screen, open the **LDAP/AD** tab.

   .. image:: ../../../images/stor_image1_8.png
      :align: center
      :class: align-center

#. Select ``LDAP`` or ``Microsoft Active Directory`` from the **Type** drop-down list.

#. Specify the following parameters:

   - IP **Address** of an LDAP server or AD domain controller;
   - (optional) LDAP **Port**;
   - **Bind DN** (a distinguished name of an LDAP authentication database user) or **Login** (AD);
   - **Bind Password** (LDAP) or **Password** (AD);
   - **Search Base DN**, a distinguished name of a search starting point;
   - (optional) **Advanced** LDAP or AD parameters.

#. Click **Save** to authenticate in Active Directory or LDAP server.

#. On the **SETTINGS** > **Users** screen, click **ADD LDAP USER**.

#. On the **Add LDAP users** panel, select users or user groups to add to Acronis Storage and click **Add**.

   .. image:: ../../../images/stor_image1_9.png
      :align: center
      :class: align-center

#. On the **Roles** panel, select the roles to assign to selected users or user groups. 

   .. note:: If a role is assigned to a group, every user in it is granted the corresponding privileges.

   .. image:: ../../../images/stor_image1_10.png
      :align: center
      :class: align-center

#. Click **Add** to add users to Acronis Storage.

   .. image:: ../../../images/stor_image1_11.png
      :align: center
      :class: align-center