HP OneView 1.05 User Guide

ManualsBrandsHP ManualsSoftwareHP OneView w/o iLO Adv incl 3yr 24x7 Supp Phys Flex Qty Lic

161

162

163

164

165

166

167

168

169

170

23 Managing users and authentication

The appliance requires users to log in with a valid user name and password, and security is

maintained through user authentication and role based authorization. User accounts can be local,

where the credentials are stored on the appliance or can be on a company or organizational

directory (Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts

the defined directory server to verify user credentials.

UI screens and REST API resources

REST API resourceUI screen

users, roles, authz, logindomains,

logindomains/global-settings, and

logindomains/grouptorolemapping

Users and Groups

23.1 Roles

• Minimum required privileges: Infrastructure administrator

23.2 Tasks for managing users and groups

The appliance online help provides information about using the user interface or the REST APIs to:

• Add a user with local authentication.

• Add a user with directory-based authentication.

• Add a group with directory-based authentication.

• Designate user privileges.

• Edit a user account, including updating a user password.

• Remove a user account.

• Reset the administrator password.

• Add an authentication directory service.

• Allow or disable local logins.

• Change the authentication directory service settings.

• Set an authentication directory service as the default directory.

• Remove an authentication directory service from the appliance.

23.3 About user accounts

The appliance provides default roles to separate responsibilities in an organization. A user role

enables access to specific resources managed from the appliance.

Role-based access control enforces permissions to perform operations that are assigned to specific

roles. You assign specific roles to system users or processes, which gives them permission to perform

certain system operations. Because a user is not assigned permissions directly, but instead acquires

them through their role (or roles), individual user rights are managed by assigning the appropriate

roles to the user. At initial appliance startup, there is a default administrator account with full access

(Infrastructure administrator) privileges. For more information about the actions each role can

perform, see “Action privileges for user roles” (page 166).

If you cannot see resource information or perform a resource task, your assigned role does not

have the correct privileges. In this case, you should request a different role or an additional role.

23.1 Roles 165