Managing users, Users/authentication, User roles and privilege levels – HP Onboard Administrator User Manual
Page 267: Role-based user accounts
Configuring the HP BladeSystem c7000 enclosure and enclosure devices 267
Managing users
Users/Authentication
This section explains the levels of user rights recognized by the HP BladeSystem Onboard Administrator and
provides detailed procedures to configure the management functionalities provided by the Onboard
Administrator.
The Users/Authentication menu item cannot be selected and does not display overview information for user
accounts or settings. Instead, select any of the sublevel menu items for specific settings.
User roles and privilege levels
Within the Users/Authentication category of HP BladeSystem Onboard Administrator, you can access the
Local Users subcategory. In this subcategory, you can create user accounts that individuals use to log in to the
HP Onboard Administrator, and have a username, password, and typically contact information. Users can
have one of three privilege levels:
•
ADMINISTRATOR allows access to all aspects of the HP BladeSystem Onboard Administrator including
configuration, firmware updates, user management, and resetting default settings.
•
OPERATOR allows access to all information, but only certain configuration settings can be changed.
This account is used for individuals who might be required to periodically change configuration
settings.
•
USER allows access to all information, but no changes can be made within HP BladeSystem Onboard
Administrator. This account is used for individuals who need to see the configuration of the HP
BladeSystem Onboard Administrator but do not need the ability to change settings.
The privilege level approach of HP BladeSystem Onboard Administrator to user permissions facilitates the
maintenance of server blade bays. This approach operates according to the following principles:
•
Users are assigned privilege levels in User Management.
•
A user can have access to any combination of device bays, interconnect bays, and Onboard
Administrator bays.
Access to a server blade by a user depends on the privilege level assigned to the user account. If you select
a user with Administrator ACL or OA permission, the page will grey out and disable access to the blade and
interconnect permissions and select them all.
In cases where HP SIM is used, Onboard Administrator can integrate with HP SIM and use HP SIM users to
facilitate a single login from HP SIM into Onboard Administrator. For more information, see HP SIM
integration.
Role-based user accounts
Role-based user accounts on Onboard Administrator serve two purposes: to control the functions a user has
access to on Onboard Administrator and to control permissions a temporary user account adopts on iLO
when autologin is used.
There are two major aspects of role-based user accounts on Onboard Administrator: bay permissions and a
user privilege level. Bay permissions determine which bays the user is allowed to access. Bay permissions are
selected during user account creation and allow access to specific device bays, interconnect bays, or