6 about authentication settings, 7 about directory service authentication – HP OneView User Manual

Table 11 Action privileges for user roles (continued)

Action privileges for user roles

(C=Create, R=Read, U=Update, D=Delete, Use)

Category

Read only

Backup
administrator

Network
administrator

Server
administrator

Infrastructure
administrator

R

—

—

—

CRUD

roles

R

R

R

CRUD, Use

CRUD, Use

server hardware

R

R

R

CRUD, Use

CRUD, Use

server hardware
types

R

R

R

CRUD

CRUD

server profiles

R

R

—

CRUD

CRUD

unmanaged devices

R

R

CRUD

R

CRUD

uplink sets

R

—

—

—

CRUD

users

1

Server administrators cannot edit bandwidths.

23.6 About authentication settings

Security is maintained through user authentication and role-based authorization. User accounts
can be local, where the user credentials are stored on the appliance, or they can be in a directory
(Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts the
designated directory server to verify the user credentials.

When logging in to the appliance, each user is authenticated by the authentication directory
service, which confirms the user name and password. Use the Authentication settings panel to
configure authentication settings on the appliance, which is populated with default values during
first-time setup of the appliance.

To view or make changes to Authentication settings, log in with Infrastructure administrator privileges.
No other users are permitted to change or view these settings.

View and access the Authentication settings by using the UI and selecting
Settings

→Security→Authentication or with the REST APIs.

23.7 About directory service authentication

You can use an external authentication directory service (also called an enterprise directory or
authentication login domain) to provide a single sign-on for groups of users instead of maintaining
individual local login accounts. Each user in a group is assigned the same role (for example,
Infrastructure administrator). An example of an authentication directory service is a corporate
directory that uses LDAP (Lightweight Directory Access Protocol).

After the directory service is configured, any user in the group can log in to the appliance. On the
login window, the user:

•

Enters their user name (typically, the Common-Name attribute, CN).

•

Enters their password.

•

Selects the authentication directory service. This box appears only if you have added an
authentication directory service to the appliance.

In the Session control, ( ) the user is identified by their name preceded by the authentication
directory service. For example:

CorpDir\pat

168 Managing users and authentication