Role-Based Security and its Implementation This Dell Technical White Paper describes how OpenManage Essentials supports and implements role-based access control at its operational level.
Role-Based Security and its Implementation This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. © 2011 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.
Role-Based Security and its Implementation Contents Introduction ................................................................................................................ 4 Role-Based Access Control Implementation .......................................................................... 4 Role-Based Access Control Implementation in OpenManage Essentials .......................................... 5 Using Security Roles and Permissions .................................................................
Role-Based Security and its Implementation Executive Summary The management of user access has long been a challenge for organizations. Central to this challenge is the concept of creating defined user roles. Used correctly, roles provide a means of simplification and allow organizations to adapt enterprise access to the needs of the business. The result is greater IT operational efficiency, business agility, and improved security through a set of preventative controls.
Role-Based Security and its Implementation Role-Based Access Control Implementation in OpenManage Essentials After you have verified that the OpenManage Essentials groups have been created, on a Windows machine, add user(s) to the OpenManage Essentials groups. Add user(s) to OmeAdministrators first, later to OmePowerUsers and then to OmeUsers. You must be logged in as an Administrator to perform this procedure. To add users, perform the following steps: Navigate to Local Users and Groups -> Groups.
Role-Based Security and its Implementation Figure 3. Select users to a group Using Security Roles and Permissions OpenManage Essentials provides security through role-based access control, authentication, and encryption. Role-based access control manages security by determining the operations run by the user in particular roles.
Role-Based Security and its Implementation privileges that are permitted to users in that role. With role-based access control, security administration corresponds closely to an organization's structure. Role-Based Essentials Access Control Architecture in OpenManage Figure 4.
Role-Based Security and its Implementation Figure 5.
Role-Based Security and its Implementation OmeAdministrators have full permissions to perform the following tasks: • Add multiple Discovery Ranges • Deploy OMSA on a remote machine • Execute any remote task and view the report OmeUsers only have read permissions. OmeUsers can view reports and export the report details to an external file. Note: A guest user must be a member of OmeAdministrators or OmeUser to access OpenManage Essentials.
Role-Based Security and its Implementation Figure 7. Right-click options enabled OmePowerUsers Console View When logged in to OpenManage Essentials, the top-right corner of the screen displays details about the user who is logged in (Figure 8). In this figure, the user permission is displayed as OmePowerUsers. The users have the same ability as the OmeAdministrators except they cannot edit preferences. Figure 8.
Role-Based Security and its Implementation OmeUser Console View In the OmeUsers console view (Figure 10), note that the logged-in OmeUser does not have Administrator privileges. Users have permissions to perform any task defined in OpenManage Essentials at the operations level. These privileges are usually read-only and do not provide any options pertaining to modification. Figure 10.
Role-Based Security and its Implementation Right-click options pertaining to modification, for example, Edit, Rename, Delete, and Disable are disabled (Figure 11). Figure 11. Right-click options disabled Learn More Visit Dell.com/PowerEdge for more information on Dell’s enterprise-class servers.