Managing User Access in Qumulo Nexus | Qumulo Documentation Portal

This section explains how to manage users and user access by assigning preconfigured user roles in Qumulo Nexus.

How User Roles Work in Qumulo Nexus

Nexus roles are preconfigured for specific user tasks in your Nexus organization.

Note
You can assign multiple roles to a single user. The permissions granted by these roles are cumulative.

View: Read-only access for viewing cluster information, analytics, and data flow
Admin: Full administrative access to cluster operations, including managing users and the organization
Cluster API Access: For users with configured SSO and role-based access control (RBAC) configured for the Qumulo cluster, access to Nexus Remote Management
Important
To be able to work with Nexus Remote Management:
- SSO users must have the Cluster API Access role and either the View or Admin role assigned.
- The user's email address in Nexus and Active Directory (AD) for the Qumulo cluster must match. The AD user must also have RBAC configured in Qumulo Core</a>.
Cluster Management Admin: Full ability to create and destroy only Qumulo clusters created by using Nexus

This section explains how to view existing Nexus users, add a Nexus user, and remove a Nexus user.

Administrative access to your organization’s Nexus account
Single sign-on (SSO) configured by your organization’s storage administrator or system administrator

Log in to Qumulo Nexus.
In the upper-right corner, click your username and then click Organization Settings.
On your organization’s page, click Users

The Users page lists the users in your Nexus organization and the Full Name, Email Address, and Role for each user.
To show the roles for a user, click ⋮ > View User.

The View User Details lists the user’s full name, email address, and Applied Roles.

Log in to Qumulo Nexus.
In the upper-right corner, click your username and then click Organization Settings.
On the Users page, click Add Users.
In the Add Users side panel, for Email Address, enter one or more email addresses.

Tip
Separate multiple email addresses with commas (,).
(Optional) For SSO users, leave Do not add as SSO user unchecked.
Under Roles, click ⌄ and then select one or more user roles.
Click Save.

The Users page lists the added users.

Log in to Qumulo Nexus.
In the upper-right corner, click your username and then click Organization Settings.
On the Users page, next to a user’s name, click ⋮ > Edit User.
In the Edit User dialog box, take the following steps:
1. (Optional) Update the user’s First Name or Last Name.
2. To add a role, under Roles click ⌄ and then select one or more user roles.
3. To remove a role, under Roles click × next to a role
4. Click Save.

The Users page lists the Role assigned to the user.

Important

Removing a user from your identity provider (IdP) doesn't revoke user access immediately because existing sessions and access tokens remain active until they expire.
To revoke user access immediately, you must remove the user directly from Nexus.

Log in to Qumulo Nexus.
In the upper-right corner, click your username and then click Organization Settings.
On the Users page, next to a user’s name, click ⋮ > Remove User.
Click Remove user.
In the Remove <Username> dialog box, click Remove.

The user is removed from the Users page.

After you configure users and assign roles to them in Nexus, you can enable Nexus Remote Support and Nexus Management for your Qumulo clusters.