IMPORTANT: Before granting access to external users or groups using the User Management tool:
1. Set the Authentication mode to AD on the NAS CIFS server tab. See CIFS shares on page 45.
2. Add the StoreOnce device to an AD domain. See Add the StoreOnce appliance to an Active
Directory domain on page 49.
3. To grant users or groups access to the AD domain, add them to your Active Directory. See 
Assign AD users as administrators for the CIFS server on page 51 and Add AD groups as
administrators for the StoreOnce server on page 51.
4. Grant your external users or groups access permissions to the StoreOnce System using the
User Management tool. See AD authentication mode on page 48.
NOTE: User accounts may also be managed using StoreOnce CLI commands. See the StoreOnce
System CLI Reference Guide.
An operator screen will only show a Modify button, while an administrator user management summary
screen will show additional buttons: Add Group, Add User, and Delete.
User roles and types
User roles
The following roles define the permissions associated with a user. Two default accounts, admin and
user, are created automatically when the system is installed.
• Administrator: Allows authorized users to create and edit management and StoreOnce functions
through the GUI and CLI. The default login and password are Admin and admin. The permissions
role of the administrator is admin. You cannot delete this account, but you can and should modify its
password. Once the administrator account password has been changed, its password cannot be
changed back to admin. The admin password is not sufficiently complex. The only way to revert that
password back to admin is by using the HPresetpassword user account that is only available on the
local console of the device.
• Backup Admin: Created by an Administrator. Allows the same level of access as an Administrator
except this role cannot add, edit, or delete users or edit passwords. The permissions role of the
backup admin is backup admin.
• Operator: Limits access to the GUI and CLI to monitoring and viewing. The default login and
password are Operator and operator. The permissions role of the operator is user.
User types
After installation, an administrator can configure additional user accounts and assign permissions roles
(administrator or user) and passwords to these users.
There are three types of user accounts:
• Local User (with an administrator, backup admin, or user permissions role): Local users log in locally
and are authenticated using credentials created on the StoreOnce appliance.
• External User (with an administrator, backup admin, or user permissions role): User logs in as a
domain user. External users are authenticated using their domain credentials by an external Microsoft
Active Directory Server.
• External Group (with an administrator, backup admin, or user permissions role): An external user is a
Microsoft Active Directory group. Members of the group log in as domain users. If you create a group
and then set up a member of that group as an individual user (external user) with an administrator
User roles and types 169