How directory login restrictions are enforced, Restricting roles – HP Integrated Lights-Out 2 User Manual

An admin user gains the login right from the regular user group. More advanced rights are assigned
through the Admin role, which assigns additional rights – Server Reset and Remote Console.

The Admin role assigns all admin rights: Server Reset, Remote Console, and Login.

How directory login restrictions are enforced

Two sets of restrictions potentially limit a directory user's access to LOM devices. User access
restrictions limit a user's ability to authenticate to the directory. Role access restrictions limit an
authenticated user's ability to receive LOM privileges based on rights specified in one or more
Roles.

Restricting roles

Restrictions allow administrators to limit the scope of a role. A role only grants rights to those users
that satisfy the role's restrictions. Using restricted roles results in users with dynamic rights that can
change based on the time of day or network address of the client.
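The following added example (not HP's code and not the iLO 2 implementation) models how restricted roles produce rights that change with the time of day and the client's network address. The role names, members, time window, and subnet are constructed, and combining rights as the union of every role whose restrictions are satisfied is an assumption drawn from the description above.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass
class Role:
    name: str
    rights: frozenset
    members: frozenset
    hours: tuple = None    # (start, end) window; None means no time restriction
    networks: tuple = ()   # allowed client networks; empty means no address restriction

    def applies(self, user, client_ip, now):
        """True only if the user is a member AND satisfies every restriction."""
        if user not in self.members:
            return False
        if self.hours is not None:
            start, end = self.hours
            if start <= end:
                in_window = start <= now < end
            else:  # window wraps past midnight, e.g. 22:00-06:00
                in_window = now >= start or now < end
            if not in_window:
                return False
        if self.networks:
            addr = ip_address(client_ip)
            if not any(addr in ip_network(net) for net in self.networks):
                return False
        return True


def effective_rights(roles, user, client_ip, now):
    """Union of the rights from every role whose restrictions the user meets."""
    rights = set()
    for role in roles:
        if role.applies(user, client_ip, now):
            rights |= role.rights
    return rights


# Constructed sample data: an unrestricted user role that grants Login, and an
# Admin role restricted to business hours and one management subnet.
ROLES = [
    Role("Users", frozenset({"Login"}), frozenset({"alice", "bob"})),
    Role("Admin", frozenset({"Server Reset", "Remote Console"}),
         frozenset({"alice"}), hours=(time(8), time(18)),
         networks=("10.0.0.0/24",)),
]
```

When reviewing a deployment, evaluating the same user at several times and source addresses shows which rights are stable and which depend on a restriction that could lapse or be misconfigured.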

NOTE: When directories are enabled, access to a particular iLO 2 is based on whether the user
has read access to a Role object that contains the corresponding iLO 2 object. This includes but
is not limited to the members listed in the role object. If the Role is set up to allow inheritable
permissions to propagate from a parent, then members of the parent which have read access
privileges will also have access to iLO 2. To view the access control list, navigate to Users and
Computers, open the properties screen for the Role object and select the Security tab.

Directory services
