Reference Guide
Table Of Contents
- Dell EMC OpenManage Enterprise 3.6 Security Configuration Guide
- Contents
- Figures
- Tables
- PREFACE
- Security quick reference
- Product and subsystem security
- Contacting Dell
Authentication to external systems
OpenManage Enterprise stores device credentials encrypted with AES, using a 128-bit encryption key that is
generated on OpenManage Enterprise. Device credentials are used to communicate with devices over the supported
protocols, such as Redfish, WSMan, SSH, IPMI, and SNMP.
Authorization
OpenManage Enterprise has Role-Based Access Control (RBAC) that clearly defines the user privileges for the three
built-in roles: Administrator, Device Manager, and Viewer. Additionally, by using Scope-Based Access Control (SBAC),
an administrator can limit the device groups that a Device Manager has access to.
RBAC privileges
OpenManage Enterprise users are assigned roles that determine their level of access to the appliance settings and device
management features. This feature is called Role-Based Access Control (RBAC). The console enforces the privilege
required for an action before allowing the action. OpenManage Enterprise comes with three built-in roles: Administrator,
Device Manager, and Viewer.
With the Role-Based Access Control (RBAC) feature, administrators can assign roles while creating users. Roles
determine the users' level of access to the appliance settings and device management features. Scope-Based Access Control (SBAC)
is an extension of the RBAC feature, introduced in 3.6.0, that allows an administrator to restrict a Device Manager role to a
subset of device groups called a scope.
Role mapping
User with role | Has the following user privilege
Administrator
Has full access to all the tasks that can be performed on the console
● Full access (by using GUI and REST) to read, view, create, edit, delete, export, and remove information related to devices and groups monitored by OpenManage Enterprise
● Can create local, Microsoft Active Directory (AD), and LDAP users and assign suitable roles
● Enable and disable users
● Modify the roles of existing users
● Delete the users
● Change the user password
Device Manager (DM)
Run tasks, policies, and other actions on the devices (scope) assigned by the Administrator
Viewer
● Can only view information displayed on OpenManage Enterprise and run reports
● By default, has read-only access to the console and all groups
● Cannot run tasks or create and manage policies
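The role and scope rules above, modelled as an added example for access reviews; it is not code from this guide or from OpenManage Enterprise. Assumptions: the action names, users, and device groups are constructed, a Device Manager with no scope is treated as unrestricted, and user management and appliance settings are treated as Administrator-only because the table lists them only under that role.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Action names are hypothetical labels for this sketch, not OpenManage Enterprise privilege names.
READ_ACTIONS = frozenset({"view", "run_report"})
DEVICE_ACTIONS = frozenset({"run_task", "manage_policy"})
ADMIN_ONLY_ACTIONS = frozenset({"manage_users", "appliance_settings"})
BUILT_IN_ROLES = ("Administrator", "Device Manager", "Viewer")

@dataclass(frozen=True)
class User:
    name: str
    role: str
    scope: Optional[FrozenSet[str]] = None  # SBAC device groups; None = not restricted (assumption)

def is_allowed(user, action, group=None):
    """Return True if `user` may perform `action` (optionally on device group `group`)."""
    if user.role == "Administrator":
        return True                           # full access to all console tasks
    if user.role == "Viewer":
        return action in READ_ACTIONS         # read-only, all groups
    if user.role == "Device Manager" and action in (READ_ACTIONS | DEVICE_ACTIONS):
        return user.scope is None or group in user.scope
    return False                              # unknown role or action: deny by default

def review(users, known_groups):
    """Return (user, finding) pairs worth raising in a periodic access review."""
    findings = []
    for u in users:
        if u.role not in BUILT_IN_ROLES:
            findings.append((u.name, "unknown role"))
        elif u.role == "Device Manager" and u.scope is None:
            findings.append((u.name, "Device Manager without an SBAC scope"))
        elif u.role == "Device Manager" and u.scope - known_groups:
            findings.append((u.name, "scope names a group that no longer exists"))
        elif u.role != "Device Manager" and u.scope is not None:
            findings.append((u.name, "scope set on a role SBAC does not restrict"))
    return findings

# Constructed sample data.
GROUPS = frozenset({"Rack-A", "Rack-B"})
USERS = [
    User("alice", "Administrator"),
    User("dana", "Device Manager", frozenset({"Rack-A"})),
    User("dmitri", "Device Manager"),
    User("dora", "Device Manager", frozenset({"Rack-A", "Rack-Old"})),
    User("vic", "Viewer"),
]

if __name__ == "__main__":
    for name, finding in review(USERS, GROUPS):
        print(f"{name}: {finding}")
```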