Users Guide
Conguring user accounts and privileges
You can setup user accounts with specic privileges (role-based authority) to manage your system with CMC and maintain system security.
By default, CMC is congured with a default root account. As an administrator, you can set up user accounts to allow other users to access
the CMC.
You can set up a maximum of 16 local users, or use directory services such as Microsoft Active Directory or LDAP to setup additional user
accounts. Using a directory service provides a central location for managing authorized user accounts.
CMC supports role-based access to users with a set of associated privileges. The roles are administrator, operator, read-only, or none. The
role denes the maximum privileges available.
Topics:
• Types of users
• Modifying root user administrator account settings
• Conguring local users
• Conguring Active Directory users
• Conguring generic LDAP users
Types of users
There are two types of users:
• CMC users or chassis users
• iDRAC users or server users (since the iDRAC resides on a server)
CMC and iDRAC users can be local or directory service users.
Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not automatically transferred to the
same user on a server, because server users are created independently from CMC users. In other words, CMC Active Directory users and
iDRAC Active Directory users reside on two dierent branches in the Active Directory tree. To create a local server user, the Congure
Users must log in to the server directly. The Congure Users cannot create a server user from CMC or vice versa. This rule protects the
security and integrity of the servers.
Table 17. User Types
Privilege Description
CMC Login User User can log in to CMC and view all the CMC data, but cannot add or modify data or execute commands.
It is possible for a user to have other privileges without the CMC Login User privilege. This feature is useful
when a user is temporarily not allowed to log in. When that user’s CMC Login User privilege is restored, the
user retains all the other privileges previously granted.
Chassis Conguration
Administrator
User can add or change data that:
• Identies the chassis, such as chassis name and chassis location.
• Is assigned specically to the chassis, such as IP mode (static or DHCP), static IP address, static
gateway, and static subnet mask.
10
Conguring user accounts and privileges 109