HP OneView 1.05 User Guide

ManualsBrandsHP ManualsSoftwareHP OneView Upgrade from Insight Management incl 3yr 24x7 Supp Flex Qty E-LTU

161

162

163

164

165

166

167

168

169

170

Table 11 Action privileges for user roles (continued)

Action privileges for user roles

(C=Create, R=Read, U=Update, D=Delete, Use)

Category

Read onlyBackup

administrator

Network

administrator

Server

administrator

Infrastructure

administrator

R———CRUDroles

RRRCRUD, UseCRUD, Useserver hardware

types

RRRCRUDCRUDserver profiles

RR—CRUDCRUDunmanaged devices

RRCRUDRCRUDuplink sets

R———CRUDusers

Server administrators cannot edit bandwidths.

23.6 About authentication settings

Security is maintained through user authentication and role-based authorization. User accounts

can be local, where the user credentials are stored on the appliance, or they can be in a directory

(Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts the

designated directory server to verify the user credentials.

When logging in to the appliance, each user is authenticated by the authentication directory

service, which confirms the user name and password. Use the Authentication settings panel to

configure authentication settings on the appliance, which is populated with default values during

first-time setup of the appliance.

To view or make changes to Authentication settings, log in with Infrastructure administrator privileges.

No other users are permitted to change or view these settings.

View and access the Authentication settings by using the UI and selecting

Settings→Security→Authentication or with the REST APIs.

23.7 About directory service authentication

You can use an external authentication directory service (also called an enterprise directory or

authentication login domain) to provide a single sign-on for groups of users instead of maintaining

individual local login accounts. Each user in a group is assigned the same role (for example,

Infrastructure administrator). An example of an authentication directory service is a corporate

directory that uses LDAP (Lightweight Directory Access Protocol).

After the directory service is configured, any user in the group can log in to the appliance. On the

• Enters their user name (typically, the Common-Name attribute, CN).

• Enters their password.

• Selects the authentication directory service. This box appears only if you have added an

authentication directory service to the appliance.

In the Session control, ( ) the user is identified by their name preceded by the authentication

directory service. For example:

CorpDir\pat

168 Managing users and authentication