4 about user roles, 5 action privileges for user roles, Default roles – HP OneView User Manual

23.4 About user roles

User roles enable you to assign permissions and privileges to users based on their job
responsibilities. You can assign full privileges to a user, or you can assign a subset of permissions
to view, create, edit, or remove resources managed by the appliance.

Table 10 Appliance role types

Associated permissions or privileges

Type of user

Role

View, create, edit, or remove resources managed by the appliance, including
management of the appliance itself through the UI or command line

An Infrastructure administrator can also manage information provided by
the appliance in the form of activities, notifications, and logs.

Only an Infrastructure administrator can restore an appliance from a backup
file.

Infrastructure
administrator

Full

View only access

Read only

Read only

Create and download backup files, view the appliance settings and activities.

Has the authority to use scripts to log in to the appliance and run scripts to
back up the appliance.

NOTE:

This role is specifically intended for scripted backup creation and

download. HP recommends that users with this role should not initiate
interactive login sessions through the HP OneView user interface.

Backup administrator

Specialized

View, create, edit, or remove networks, network sets, connections,
interconnects, uplink sets, and firmware bundles; view related activities, logs,
and notifications

Network
administrator

View, create, edit, or remove server profiles and templates, network sets,
enclosures, and firmware bundles

Access the Onboard Administrator and physical servers

View connections, networks, racks, power, and related activities, logs, and
notifications

Server administrator

23.5 Action privileges for user roles

The following table lists the user action privileges associated with each user role. The Use privilege
is a special case that allows you to associate objects to objects that you own but you are not
allowed to change. For example, in a logical interconnect group, a user assigned the role of Server
administrator is not allowed to define logical interconnect groups, but can use them when adding
an enclosure.

Table 11 Action privileges for user roles

Action privileges for user roles

(C=Create, R=Read, U=Update, D=Delete, Use)

Category

Read only

Backup
administrator

Network
administrator

Server
administrator

Infrastructure
administrator

R

R

CRU

CRU

CRUD

activities

R

—

RUD

RUD

RUD

alerts

R

R

R

R

CRUD

appliance

—

—

R

R

CR

audit logs

R

CRD

R

R

CRUD

backups

—

—

R

R

RU

communitystring

166 Managing users and authentication