Users Guide

ManualsBrandsDell ManualsActive System ManagerOpenManage Essentials Version 2.1

331

332

333

334

335

336

337

338

339

340

Managing Security Settings

Using Security Roles and Permissions

OpenManage Essentials provides security through role-based access control (RBAC), authentication, and

encryption. RBAC manages security by determining the operations run by persons in particular roles.

Each user is assigned one or more roles, and each role is assigned one or more user rights that are

permitted to users in that role. With RBAC, security administration corresponds closely to an

organization's structure.

OpenManage Essentials roles and associated permissions are as follows:

• OmeUsers have limited access and rights and can perform read-only operations in OpenManage

Essentials. They can log in to the console, run discovery and inventory tasks, view settings, and

acknowledge events. The Windows Users group is a member of this group.

• OmeAdministrators have full access to all the operations within OpenManage Essentials. Windows

Administrators group is member of this group.

• OmeSiteAdministrators have full access to all the operations within OpenManage Essentials with the

following rights and restrictions:

– Can only create custom device groups under All Devices in the device tree. They can create

remote or system update tasks on the custom device groups only after the custom device groups

are assigned to them by the OmeAdministrators.

* Cannot edit custom device groups.

* Can delete custom device groups.

– Can create remote and system update tasks on only the device groups assigned to them by the

OmeAdministrators.

– Can only run and delete remote and system update tasks that they have created.

* Cannot edit remote tasks, including activating or deactivating the task schedule.

* Cannot clone remote or system update tasks.

* Can delete tasks they have created.

– Can delete devices.

– Cannot edit or target device queries.

– Cannot edit or access the Device Group Permissions portal.

– Cannot create remote and system update tasks based on a device query.

NOTE: Any changes made to the role or device group permissions of a user are effective only

after the user logs out and logs in again.

• OmePowerUsers have the same rights as OmeAdministraors except that they cannot edit

preferences.

Microsoft Windows Authentication

For supported Windows operating systems, OpenManage Essentials authentication is based on the

operating system's user authentication system using Windows NT LAN Manager (NTLM v1 and NTLM v2)

339