User roles and privilege levels
Within the Users/Authentication category of HP Superdome 2 Onboard Administrator, you can
access the Local Users subcategory. In this subcategory, you can create the user accounts that
individuals use to log in to the HP Onboard Administrator. Each account has a username, a
password, and, typically, contact information. Users can have one of the following privilege levels:
• Administrator: Allows access to all aspects of the HP Superdome 2 Onboard Administrator
  including configuration, firmware updates, user management, and resetting default settings.
• Operator: Allows access to all but configuration changes and user management. This account
  is ideal for individuals who are required to periodically change configuration settings.
• User: Allows access to all information, but no changes can be made within HP Superdome 2
  Onboard Administrator. This account is for individuals who must see the configuration of the
  HP Superdome 2 Onboard Administrator but do not require the ability to change settings.
The privilege level approach of HP Superdome 2 Onboard Administrator to user permissions
enables the maintenance of server blade bays. This approach operates according to the following
principles:
• Users are assigned privilege levels in User Management.
• A user can have access to any combination of device bays, interconnect bays, and Onboard
  Administrator bays.
Access to a server blade by a user depends on the privilege level assigned to the user account. If
you select a user with Administrator or OA permission, the page grays out and disables access to
the blade and interconnect permissions and selects them all.
In cases where HP SIM is used, Onboard Administrator can integrate with HP SIM and use HP
SIM users to enable a single login from HP SIM into Onboard Administrator. For more information,
see “HP SIM Integration screen” (page 147).
Role-based user accounts
Role-based user accounts on Onboard Administrator serve to control the functions to which a user
has access on the Onboard Administrator.
There are two major aspects to the role-based user accounts on Onboard Administrator: bay
permissions and a user privilege level. Bay permissions determine which bays the user is allowed
to access. Bay permissions are selected during user account creation and allow access to specific
device bays, interconnect bays, or Onboard Administrator bays. The privilege level determines
which administrative functions the user is allowed to perform. A user's privilege level can be
Administrator, Operator, or User.
A user with an Administrator privilege level and with permissions to the OA bays in the enclosure
is automatically given full access to all bays and can perform any function on the enclosure or
bays, including managing user accounts and configuring the enclosure. An Operator with permissions
to only the OA bays can configure the enclosure, but the Operator can neither manage users or
security settings nor access any other bays. A User with permission to the OA bays can view
only configuration settings, but the User cannot change the settings. The user accounts can be
created with multiple bay permissions, but the same privilege level, across those bays.
User accounts configured to permit access to device bays can be created for server administrators.
If the user logs into the Onboard Administrator, the user is given information on the permitted server
bays. If the user selects the iLO 3 from the Onboard Administrator web GUI, the user is automatically
logged into that iLO 3 using a temporary user account with their privilege level. iLO 3 users with
administrator privilege level have complete control including modifying user accounts. Operators
have full control over the server power and consoles. Users have minimum read-only access to
server information. Using this single sign-on feature greatly simplifies managing multiple servers
from the Onboard Administrator web GUI.
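The rules in the "Role-based user accounts" paragraphs above, modelled as an added Python example for reviewing what an account can effectively reach; this is not HP code and not an Onboard Administrator interface. The bay layout, the Account record, the sample accounts and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed bay layout, for illustration only; set this to the real enclosure's bays.
ALL_BAYS = frozenset(f"{kind}:{n}" for kind, count in
                     (("device", 8), ("interconnect", 8), ("oa", 2)) for n in range(1, count + 1))
# Enclosure-level functions per privilege level, following the role-based rules in the text.
ENCLOSURE_RIGHTS = {"Administrator": {"view", "configure", "manage_users", "security_settings"},
                    "Operator": {"view", "configure"}, "User": {"view"}}

@dataclass
class Account:  # hypothetical record type, not an Onboard Administrator structure
    name: str
    privilege: str  # "Administrator", "Operator" or "User"
    bays: set = field(default_factory=set)

def has_oa(acct):
    return any(b.startswith("oa:") for b in acct.bays)

def effective_bays(acct):
    """Administrator plus OA bay permission implies every bay in the enclosure."""
    full = acct.privilege == "Administrator" and has_oa(acct)
    return set(ALL_BAYS) if full else set(acct.bays)

def enclosure_rights(acct):
    """Enclosure functions are reachable only through OA bay permission."""
    return set(ENCLOSURE_RIGHTS[acct.privilege]) if has_oa(acct) else set()

def ilo_sso_level(acct, bay):
    """Privilege of the temporary iLO 3 account created by single sign-on, else None."""
    permitted = bay.startswith("device:") and bay in effective_bays(acct)
    return acct.privilege if permitted else None

def audit(accounts):
    """List (name, finding) pairs for access wider than the explicit bay grants suggest."""
    findings = []
    for a in accounts:
        implied = effective_bays(a) - a.bays
        if implied:
            findings.append((a.name, f"{len(implied)} bays granted implicitly"))
        if "manage_users" in enclosure_rights(a):
            findings.append((a.name, "can manage OA user accounts"))
        if any(ilo_sso_level(a, b) == "Administrator" for b in ALL_BAYS):
            findings.append((a.name, "iLO 3 administrator via single sign-on"))
    return findings

# Constructed sample accounts, not taken from any real enclosure.
SAMPLE = [Account("alice", "Administrator", {"oa:1"}), Account("bob", "Operator", {"oa:1"}),
          Account("carol", "User", {"device:2"}), Account("dave", "Administrator", {"device:3"})]
```

Calling audit(SAMPLE) shows that an Administrator granted a single OA bay reaches every bay, and that an Administrator scoped to one device bay still receives administrator rights on that blade's iLO 3.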