Users Guide
Accumulating privileges using Extended Schema
The Extended Schema Authentication mechanism supports Privilege Accumulation from dierent privilege objects associated with the
same user through dierent Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user
the super set of all assigned privileges corresponding to the dierent privilege objects associated with the same user.
The following gure provides an example of accumulating privileges using Extended Schema.
Figure 3. Privilege accumulation for a user
The gure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects.
Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned
privileges of the dierent privilege objects associated to the same user.
In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges
on both iDRAC1 and iDRAC2. In addition, this gure shows that User1 can be in a dierent domain and can be a member of a group.
Conguring Extended schema Active Directory
To congure Active Directory to access iDRAC:
1 Extend the Active Directory schema.
2 Extend the Active Directory Users and Computers Snap-in.
3 Add iDRAC users and their privileges to Active Directory.
4 Congure iDRAC Active Directory properties using iDRAC Web interface or RACADM.
Related link
Extended schema Active Directory overview
Installing Dell extension to the Active Directory users and computers snap-in
Adding iDRAC users and privileges to Active Directory
Conguring Active Directory with Extended schema using iDRAC web interface
Conguring Active Directory with Extended schema using RACADM
Conguring
user accounts and privileges 145