20 managing users and authentication, 1 roles, 2 tasks – HP OneView User Manual
Page 143: 3 about user accounts, 2 tasks 20.3 about user accounts, Managing users and authentication, Ui screens and rest api resources
20 Managing users and authentication
The appliance requires users to log in with a valid user name and password, and security is
maintained through user authentication and role based authorization. User accounts can be local,
where the credentials are stored on the appliance or can be on a company or organizational
directory (Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts
the defined directory server to verify user credentials.
UI screens and REST API resources
REST API resource
UI screen
users
, roles, authz, logindomains,
logindomains/global-settings
, and
logindomains/grouptorolemapping
Users and Groups
20.1 Roles
•
Minimum required privileges: Infrastructure administrator
20.2 Tasks
The appliance online help provides information about using the user interface or the REST APIs to:
•
Add a user with local authentication.
•
Add a user with directory-based authentication.
•
Add a group with directory-based authentication.
•
Designate user privileges.
•
Edit a user account, including updating a user password.
•
Remove a user account.
•
Reset the administrator password
•
Add an authentication directory service.
•
Allow local logins.
•
Disable local logins.
•
Change the authentication directory service settings.
•
Set an authentication directory service as the default directory.
•
Remove an authentication directory service from the appliance.
20.3 About user accounts
The appliance provides
to separate responsibilities in an organization. A user role
enables access to specific resources managed from the appliance.
Role-based access control enforces permissions to perform operations that are assigned to specific
roles. You assign specific roles to system users or processes, which gives them permission to perform
certain system operations. Because a user is not assigned permissions directly, but only acquires
them through their role (or roles), individual user rights are managed by assigning the appropriate
roles to the user. At initial appliance startup, there is a default administrator account with full access
(Infrastructure administrator) privileges. For more information about the actions each role can
perform, see
“Action privileges for user roles” (page 144)
.
20.1 Roles
143