
20 managing users and authentication, 1 roles, 2 tasks – HP OneView User Manual

Page 143: 3 about user accounts, 2 tasks 20.3 about user accounts, Managing users and authentication, Ui screens and rest api resources


20 Managing users and authentication

The appliance requires users to log in with a valid user name and password, and security is
maintained through user authentication and role-based authorization. User accounts can be local,
where the credentials are stored on the appliance, or can reside in a company or organizational
directory (Microsoft Active Directory, for example) hosted elsewhere, in which case the appliance
contacts the defined directory server to verify user credentials.

UI screens and REST API resources

UI screen: Users and Groups

REST API resources: users, roles, authz, logindomains, logindomains/global-settings, and logindomains/grouptorolemapping

20.1 Roles

Minimum required privileges: Infrastructure administrator

20.2 Tasks

The appliance online help provides information about using the user interface or the REST APIs to:

Add a user with local authentication.

Add a user with directory-based authentication.

Add a group with directory-based authentication.

Designate user privileges.

Edit a user account, including updating a user password.

Remove a user account.

Reset the administrator password.

Add an authentication directory service.

Allow local logins.

Disable local logins.

Change the authentication directory service settings.

Set an authentication directory service as the default directory.

Remove an authentication directory service from the appliance.

20.3 About user accounts

The appliance provides default roles to separate responsibilities in an organization. A user role
enables access to specific resources managed from the appliance.

Role-based access control enforces permissions to perform operations that are assigned to specific
roles. You assign specific roles to system users or processes, which gives them permission to perform
certain system operations. Because a user is not assigned permissions directly, but only acquires
them through their role (or roles), individual user rights are managed by assigning the appropriate
roles to the user. At initial appliance startup, there is a default administrator account with full access
(Infrastructure administrator) privileges. For more information about the actions each role can
perform, see “Action privileges for user roles” (page 144).
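A simplified model of the role-based scheme described above, added here as an illustration and not the appliance's own code: permissions come only from roles, and the result can be used to list every account that ends up with full access. The action table, the second role name, the group names and the assumption that directory users inherit roles from mapped groups (suggested by the grouptorolemapping resource name) are constructed for this example.

```python
from dataclasses import dataclass, field

FULL_ACCESS = "Infrastructure administrator"  # role name taken from the page

# Constructed role -> permitted (action, resource) pairs; not the appliance's table.
ROLE_ACTIONS = {
    FULL_ACCESS: {("create", "users"), ("read", "users"), ("delete", "users"),
                  ("update", "logindomains")},
    "example-read-only": {("read", "users")},  # hypothetical role name
}

@dataclass
class Account:
    name: str
    source: str                                # "local" or "directory"
    roles: set = field(default_factory=set)    # roles assigned directly
    groups: set = field(default_factory=set)   # directory group membership

def effective_roles(account, group_roles):
    """Roles held directly plus roles inherited from mapped directory groups."""
    roles = set(account.roles)
    if account.source == "directory":
        for group in account.groups:
            roles |= group_roles.get(group, set())  # unmapped groups grant nothing
    return roles

def is_allowed(account, action, resource, group_roles):
    """Default deny: a request passes only if some effective role grants it."""
    return any((action, resource) in ROLE_ACTIONS.get(role, set())
               for role in effective_roles(account, group_roles))

def full_access_holders(accounts, group_roles):
    """Accounts to review: all whose effective roles include full access."""
    return sorted(a.name for a in accounts
                  if FULL_ACCESS in effective_roles(a, group_roles))

# Constructed sample data: one local default administrator, three directory users.
GROUP_ROLES = {"CN=ov-admins": {FULL_ACCESS}, "CN=ov-viewers": {"example-read-only"}}
ACCOUNTS = [
    Account("administrator", "local", roles={FULL_ACCESS}),
    Account("alice", "directory", groups={"CN=ov-admins", "CN=ov-viewers"}),
    Account("bob", "directory", groups={"CN=ov-viewers"}),
    Account("carol", "directory", groups={"CN=unmapped"}),
]

if __name__ == "__main__":
    print("Full access:", full_access_holders(ACCOUNTS, GROUP_ROLES))
    print("bob may delete users:", is_allowed(ACCOUNTS[2], "delete", "users", GROUP_ROLES))
```

Because a directory user's rights follow group membership, reviewing who holds full access means reviewing both the direct role assignments and every group mapped to that role.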
