User's guide

260 XgOS User’s Guide September 2014
Note: Regular expressions are used to match the user's groups against the role
group mappings, so the exact pattern syntax matters (for example, admin* is not
the same as admin.*). A detailed explanation of regular expressions is outside the
scope of this document. More information about regular expressions can be found online.
The following role-groups are supported:
administrators
operators
network
storage
servers
noaccess
The noaccess group is a special case: a user who is mapped to this role cannot
use the Oracle Fabric Interconnect or even display any information with it.
With role group mapping, you gain flexibility in how the AD groups interact with
the Oracle Fabric Interconnect’s RBAC model.
You can use existing AD groups without the need to recreate them per specific
guidelines to interact with the Oracle Fabric Interconnect. Instead, your existing
AD groups can be mapped into the Oracle Fabric Interconnect’s RBAC model.
New groups can be created based on your department policies, then mapped into
the Oracle Fabric Interconnect’s RBAC model.
To determine the IMS roles that a user gets, a comparison occurs when that user
logs in to the Oracle Fabric Interconnect. The Oracle Fabric Interconnect matches
the configured AD groups against the role group mappings to determine which RBAC
role the user gets. The match is made using a regular expression to find all
the groups that might belong to a user. Then, the role is determined based on the
precedence of the role group mappings. For details, see “Interaction Between
Different Role Group Mappings” on page 261.
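The following added example (not part of the original guide, and not Oracle code) audits role group mapping patterns against a list of AD group names to show how admin* and admin.* select different groups. It assumes Python's re module as a stand-in for the appliance's regular-expression engine, models both whole-name and anywhere-in-name matching because the guide does not say which applies, and uses constructed group names; precedence between roles is not modelled.

```python
import re

# Constructed sample AD group names (not from the guide).
DIRECTORY_GROUPS = ["admi", "admin", "adminn", "administrators",
                    "admin-storage", "sysadmins", "storage-team"]

def matched_groups(pattern, groups, anchored=True):
    """Return the groups a mapping pattern selects.

    anchored=True requires the whole group name to match; anchored=False
    accepts a match anywhere in the name. Which of the two the appliance
    uses is an assumption to verify, so both are modelled.
    """
    rx = re.compile(pattern)
    test = rx.fullmatch if anchored else rx.search
    return [g for g in groups if test(g)]

def roles_for_user(user_groups, mappings, anchored=True):
    """Map each role to the user's groups that triggered it.

    Precedence between roles is not modelled; every matching role is listed.
    """
    hits = {}
    for role, pattern in mappings.items():
        found = matched_groups(pattern, user_groups, anchored)
        if found:
            hits[role] = found
    return hits

def audit(mappings, groups):
    """Per role: groups matched when anchored, plus extras when unanchored."""
    report = {}
    for role, pattern in mappings.items():
        strict = matched_groups(pattern, groups, anchored=True)
        loose = matched_groups(pattern, groups, anchored=False)
        report[role] = {"anchored": strict,
                        "unanchored_only": [g for g in loose if g not in strict]}
    return report

if __name__ == "__main__":
    glob_habit = {"administrators": "admin*", "storage": "storage.*"}
    intended = {"administrators": "admin.*", "storage": "storage.*"}
    for name, mappings in (("admin*", glob_habit), ("admin.*", intended)):
        print(name, audit(mappings, DIRECTORY_GROUPS))
```

Running an audit like this over an export of real AD group names before committing a mapping shows both the groups a pattern misses and the ones it unexpectedly pulls into a privileged role.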
Because two group models exist for Xsigo RBAC using AD/LDAP (the previous
version with “xg-” AD groups, and now role group mappings), there are some
considerations for how the two models interoperate. Both models are supported;
for details, see “Interaction Between Existing Groups and Role Group Mappings” on
page 261.
Note: Role group mappings are supported for AD/LDAP only. RADIUS and other
IMS methods are not supported by this feature.