25 managing users and authentication, 1 roles, 2 tasks for managing users and groups – HP OneView User Manual

25 Managing users and authentication

The appliance requires users to log in with a valid user name and password, and security is
maintained through user authentication and role based authorization. User accounts can be local,
where the credentials are stored on the appliance or can be on a company or organizational
directory (Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts
the defined directory server to verify user credentials.

UI screens and REST API resources

REST API resource

UI screen

users

, roles, authz, logindomains,

logindomains/global-settings

, and

logindomains/grouptorolemapping

Users and Groups

25.1 Roles

•

Minimum required privileges: Infrastructure administrator

25.2 Tasks for managing users and groups

The appliance online help provides information about using the user interface or the REST APIs to:

•

Add, edit (including updating a user password), or remove a user with local authentication.

•

Add a user with directory-based authentication.

•

Add a group with directory-based authentication.

•

Designate user privileges.

•

Reset the administrator password

.

•

Add an authentication directory service.

•

Allow or disable local logins.

•

Change the authentication directory service settings.

•

Set an authentication directory service as the default directory.

•

Remove an authentication directory service from the appliance.

25.3 About user accounts

The appliance provides

default roles

to separate responsibilities in an organization. A user role

enables access to specific resources managed from the appliance.

Role-based access control enforces permissions to perform operations that are assigned to specific
roles. You assign specific roles to system users or processes, which gives them permission to perform
certain system operations. Because a user is not assigned permissions directly, but instead acquires
them through their role (or roles), individual user rights are managed by assigning the appropriate
roles to the user. At initial appliance startup, there is a default administrator account with full access
(Infrastructure administrator) privileges. For more information about the actions each role can
perform, see

“Action privileges for user roles” (page 178)

.

If you cannot see resource information or perform a resource task, your assigned role does not
have the correct privileges. In this case, you should request a different role or an additional role.

25.1 Roles 177