Local users – HP Onboard Administrator User Manual


Configuring the HP BladeSystem c7000 enclosure and enclosure devices 268

Onboard Administrator bays. The privilege level determines which administrative functions the user is allowed to perform. A user's privilege level can be administrator, operator, or user.
A user with an administrator privilege level and with permission to the OA bays in the enclosure is automatically given full access to all bays and can perform any function on the enclosure or bays, including managing user accounts and configuring the enclosure. An operator with permission to only the OA bays can configure the enclosure, but the operator cannot manage users or any security settings, nor access any other bays. A user with permission to the OA bays can view only configuration settings, but the user cannot change the settings. A user account can be created with permissions to multiple bays, but it has the same privilege level across those bays.
User accounts configured to permit access to device bays can be created for server administrators. If the user logs into the Onboard Administrator, the user is given information on the permitted server bays. If the user selects the iLO from the Onboard Administrator web GUI, the user is automatically logged into that iLO using a temporary user account with their privilege level. iLO users with administrator privilege level have complete control, including modifying user accounts. Operators have full control over the server power and consoles. Users have minimum read-only access to server information. Using this single sign-on feature greatly simplifies managing multiple servers from the Onboard Administrator web GUI.
Permissions for interconnect modules are slightly different. Autologin is not supported for interconnect modules, and all user levels have access to the Management Console link for interconnect bays to which they have permission. Administrators and operators can use the virtual buttons from Onboard Administrator to control power and the UID light on the interconnect module. Users can view only status and information about the interconnect module.
Examples
The following are examples of management scenarios in a c-Class environment and the user accounts that
can be created to provide the appropriate level of security.
Scenario 1: A member of an organization needs to have full access to the servers in bays 1-8 to view logs, control power, and use the remote console. The user does not have clearance to manage any settings on Onboard Administrator. The user account to accomplish this security level has an administrator access level and permission to server bays 1-8. Thus, the user does not have permission to Onboard Administrator bays or any interconnect bay.
Scenario 2: A member of an organization needs to manage ports on two interconnect modules in bays 3 and 4. This person needs to know which ports on the switch map to certain servers, but this person must not be able to manage any of the servers. The user account to accomplish this security level has a user access level, permission to all server bays, and permission to interconnect bays 3 and 4. However, this user is not able to control the power or UID LED for the interconnect modules or blades. To control the power or UID of the interconnect modules, the user's privilege level would have to be operator. To restrict this user from performing server operations such as power control or consoles, the account is restricted to just bay permissions for interconnect bays 3 and 4.
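
The privilege and bay-permission rules above, modeled as an added example (not HP code and not part of the manual) so that an account design can be checked for missing or excess access before it is created. The action names, the account names, and the count of 16 server bays are assumptions made for this example.

```python
from dataclasses import dataclass

RANK = {"user": 1, "operator": 2, "administrator": 3}

# Minimum privilege level per (bay type, action), read off the text above.
# The action names are labels chosen for this example.
MIN_RANK = {
    ("oa", "view"): 1, ("oa", "configure"): 2, ("oa", "manage_users"): 3,
    ("server", "view"): 1, ("server", "power"): 2, ("server", "console"): 2,
    ("server", "manage_ilo_users"): 3,
    ("interconnect", "view"): 1, ("interconnect", "mgmt_console"): 1,
    ("interconnect", "power"): 2, ("interconnect", "uid"): 2,
}

@dataclass(frozen=True)
class Account:
    name: str
    level: str                               # one privilege level for all bays
    oa: bool = False                         # permission to the OA bays
    servers: frozenset = frozenset()         # permitted device (server) bays
    interconnects: frozenset = frozenset()   # permitted interconnect bays

def allowed(acct, kind, action, bay=None):
    rank = RANK[acct.level]
    if acct.oa and rank == RANK["administrator"]:
        return True   # administrator + OA bays: full access to every bay
    if kind == "oa":
        in_scope = acct.oa
    elif kind == "server":
        in_scope = bay in acct.servers
    else:
        in_scope = bay in acct.interconnects
    return in_scope and rank >= MIN_RANK[(kind, action)]

def violations(acct, must_allow, must_deny):
    """Return the requirements this account fails, as (problem, request) pairs."""
    bad = [("missing", r) for r in must_allow if not allowed(acct, *r)]
    bad += [("excess", r) for r in must_deny if allowed(acct, *r)]
    return bad

# Constructed accounts for Scenario 1 and Scenario 2 (16 server bays assumed).
s1 = Account("scenario1", "administrator", servers=frozenset(range(1, 9)))
s2 = Account("scenario2", "user", servers=frozenset(range(1, 17)),
             interconnects=frozenset({3, 4}))
# The same Scenario 1 account with OA bay permission added by mistake.
s1_oa = Account("scenario1", "administrator", oa=True,
                servers=frozenset(range(1, 9)))
```

Running `violations` on `s1_oa` with the Scenario 1 requirements reports the OA and interconnect actions as excess access, which is the effect of combining administrator level with OA bay permission.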

Local Users

New—Click New to add a new user to the selected enclosure. A maximum of 30 user accounts can be added
including the reserved accounts. The Add Local User screen appears.
Edit—Select a user (only one can be selected) by selecting the check box next to the name of the user. Click Edit to change the settings on the Edit Local User screen.
Delete—Select a user or users to be deleted by selecting the check box next to the name of the user. Click
Delete to remove the accounts. If an attempt is made to delete the last remaining Administrator account, you
