Role based access control (rbac), Rbac details – HP Insight Management-Software User Manual

Role based Access Control (RBAC)

Role based access control allows you to designate which operations and resources can be
manipulated.

RBAC Details

VCEM provides the following role based user types. Individual VCEMCLI commands require different
access permissions based on the resource involved and the read or write operation being called.
Access is determined based on the credentials used by VCEMCLI.

•

VCEM Administrator—Manages all VCEM resources. All operations are permitted to all
resources.

•

VCEM Domain Group Administrator—Manages VC Domains and server profiles in one or
more VC Domain Groups.

•

VCEM Domain Group Limited Operator—Manages the same tasks as the VCEM Domain Group
Operator except for creating, editing, and deleting a server profile.

•

VCEM Domain Group Operator—Manages server profiles in one or more VC Domain Groups.

•

VCEM User (Read Only)—Has read-only access to all VCEM resources.

Table 2

lists command line options and the role-based user access privileges that can use the

commands.

Table 2 RBAC privileges

VCEM User
(read only)

VCEM
Group

VCEM
Group
Operator

VCEM
Group
Administrator

VCEM
Administrator

Command line options

Limited
Operator

x

x

x

-add profile

x

x

x

-set profile

x

x

x

x

-assign profile

x

x

x

x

-unassign profile

x

x

x

-add enet-connection

x

x

x

-set enet-connection

x

x

x

-remove enet-connection

x

x

x

-add fc-connection

x

x

x

-set fc-connection

x

x

x

-remove fc-connection

x

x

x

-add fcoe-connection

x

x

x

-set fcoe-connection

x

x

x

-remove fcoe-connection

x

x

x

-add iscsi-connection

x

x

x

-set iscsi-connection

x

x

x

-remove iscsi-connection

x

x

x

-add server-port-map

x

x

x

-set server-port-map

x

x

x

-remove server-port-map

Role based Access Control (RBAC)

11