Scope Based Access Control with OpenManage Enterprise 3.6 | Document ID: 21396
1. User dm1 is a member of 2 AD groups (RR5-Floor1-LabAdmins, RR5-Floor3-LabAdmins). Both AD
groups have been assigned the Device Manager role. The scope assignments for the AD groups are as
follows: RR5-Floor1-LabAdmins is assigned ptlab-servers, RR5-Floor3-LabAdmins is assigned
smdlab-servers. The scope of the Device Manager dm1 is now the union of ptlab-servers and smdlab-servers.
2. User dm1 is a member of 2 AD groups (adg1, adg2). Both AD groups have been assigned the Device
Manager role, with scope assignments for the AD groups as follows: adg1 is given access to g1, adg2 is
given access to g2. If g1 is a superset of g2, then the scope of dm1 is the larger scope (g1, all its child
groups, and all leaf devices). If g1 and g2 are disjoint groups, the scope of dm1 is the union of g1
and g2.
When a user is a member of multiple AD groups that have different roles, the higher-functionality role takes
precedence (in the order Administrator, Device Manager, Viewer).
3. User user1 is a member of 2 AD groups (adg1, adg2). The AD group adg1 has the Administrator role, but
adg2 is assigned the Device Manager role scoped to g1. By virtue of being a member of both adg1 and
adg2, user1 is now an Administrator on the console.
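The three cases above can be checked with a small model of the resolution rules. This is an added example, not OpenManage Enterprise code: the function names, the `parent_of` hierarchy map, and the `"*"` marker for an unrestricted view are assumptions made for illustration, and the data is constructed from the group names in the text.

```python
# Added illustration of the resolution rules described above; not OpenManage Enterprise code.
ROLE_RANK = {"Viewer": 0, "Device Manager": 1, "Administrator": 2}
ALL_DEVICES = frozenset({"*"})  # assumed marker for an unrestricted (Administrator) view


def is_descendant(group, ancestor, parent_of):
    """True if `group` sits below `ancestor` in the device-group tree."""
    node = parent_of.get(group)
    while node is not None:
        if node == ancestor:
            return True
        node = parent_of.get(node)
    return False


def effective_access(ad_groups, assignments, parent_of):
    """Return (role, scope) for a user who belongs to `ad_groups`.

    assignments: AD group -> (role, set of device groups in scope)
    parent_of:   device group -> parent device group (constructed hierarchy)
    """
    held = [assignments[g] for g in ad_groups if g in assignments]
    if not held:
        return None, frozenset()
    # The higher-functionality role wins: Administrator > Device Manager > Viewer.
    role = max((r for r, _ in held), key=ROLE_RANK.__getitem__)
    if role == "Administrator":
        return role, ALL_DEVICES
    # Assumption: only scopes attached to the winning role are merged.
    scope = set().union(*(s for r, s in held if r == role))
    # A group already covered by an ancestor in scope adds nothing: keep the larger one.
    minimal = {g for g in scope
               if not any(is_descendant(g, other, parent_of) for other in scope)}
    return role, frozenset(minimal)


# Constructed data mirroring the three cases in the text.
CASE1 = {"RR5-Floor1-LabAdmins": ("Device Manager", {"ptlab-servers"}),
         "RR5-Floor3-LabAdmins": ("Device Manager", {"smdlab-servers"})}
CASE2 = {"adg1": ("Device Manager", {"g1"}), "adg2": ("Device Manager", {"g2"})}
CASE3 = {"adg1": ("Administrator", set()), "adg2": ("Device Manager", {"g1"})}

if __name__ == "__main__":
    print(effective_access(CASE1, CASE1, {}))            # union of two disjoint scopes
    print(effective_access(CASE2, CASE2, {"g2": "g1"}))  # g1 is a superset of g2
    print(effective_access(CASE2, CASE2, {}))            # g1 and g2 disjoint
    print(effective_access(CASE3, CASE3, {}))            # Administrator overrides scope
```

Running the same model over an export of real AD group assignments is a quick way to find users whose group memberships give them a wider effective scope, or a higher role, than any single assignment suggests.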
Screenshots will illustrate what a scope-restricted Device Manager user sees.
New “All Devices” view – unrestricted for Administrator users