Local users – HP Onboard Administrator User Manual

Configuring the HP BladeSystem c7000 enclosure and enclosure devices 268

Onboard Administrator bays. The privilege level determines which administrative functions the user is

allowed to perform. A user's privilege level can be administrator, operator, or user.
A user with an administrator privilege level and with permission to the OA bays in the enclosure is

automatically given full access to all bays and can perform any function on the enclosure or bays including

managing user accounts and configuring the enclosure. An operator with permission to only the OA bays

can configure the enclosure, but the operator cannot manage users or any security settings, nor access any
other bays. A user with permission to the OA bays can view only configuration settings, but the user cannot

change the settings. The user accounts can be created with multiple bay permissions, but the same privilege

level, across those bays.
User accounts configured to permit access to device bays can be created for server administrators. If the user
logs into the Onboard Administrator, the user is given information on the permitted server bays. If the user

selects the iLO from the Onboard Administrator web GUI, the user is automatically logged into that iLO using

a temporary user account with their privilege level. iLO users with administrator privilege level have complete

control including modifying user accounts. Operators have full control over the server power and consoles.
Users have minimum read-only access to server information. Using this single-sign on feature greatly

simplifies managing multiple servers from the Onboard Administrator web GUI.
Permissions for interconnect modules are slightly different. Autologin is not supported for interconnect

modules, and all user levels have access to the Management Console link for interconnect bays to which they

have permission. Administrators and operators can use the virtual buttons from Onboard Administrator to
control power and the UID light on the interconnect module. Users can view only status and information about

the interconnect module.
Examples
The following are examples of management scenarios in a c-Class environment and the user accounts that
can be created to provide the appropriate level of security.
Scenario 1: A member of an organization needs to have full access to the servers in bays 1-8 to view logs,

control power, and use the remote console. The user does not have clearance to manage any settings on

Onboard Administrator. The user account to accomplish this security level has an administrator access level
and permission to server bays 1-8. Thus, the user does not have permission to Onboard Administrator bays

or any interconnect bay.
Scenario 2: A member of an organization needs to manage ports on two interconnect modules in bays 3 and

4. This person needs to know which ports on the switch map to certain servers, but this person must not be

able to manage any of the servers. The user account to accomplish this security level has a user access level,
permission to all server bays, and permission to interconnect bays 3 and 4. However, this user is not able to

control the power or UID LED for the interconnect modules or blades. To control the power or UID to the

interconnect modules the user privilege would have to be an operator. To restrict this user from performing

server operations such as power control or consoles, the account is restricted to just bay permissions for
interconnect bays 3 and 4.

Local Users

New—Click New to add a new user to the selected enclosure. A maximum of 30 user accounts can be added
including the reserved accounts. The Add Local User screen appears.
Edit—Select a user (only one can be selected) by selecting the check box next to the name of the user. Click

Edit to change the settings on the Edit Local User screen.
Delete—Select a user or users to be deleted by selecting the check box next to the name of the user. Click
Delete to remove the accounts. If an attempt is made to delete the last remaining Administrator account, you