Manual
OneCommand™ Manager Application P010066-01A Rev. A
4. Using the OneCommand Manager Application
Using OneCommand Manager Secure Management
84
for each user. The following table defines the OneCommand Manager application user
groups and each group's management capabilities.
On Linux or Solaris systems, the UNIX "getent group" utility can be run on the target
host system’s command shell to verify the correct configuration of the groups. The
groups, and users within the groups, appear in the output of this command.
Note: Although users may belong to the administrator group or be root users, they do
not have full privileges to run the OneCommand Manager application unless
they are also members of the ocmadmin group. Otherwise, when secure
management is enabled, a root users or administrators can only manage local
adapters (similar to the ocmlocaladmin users).
Remote management operations between two machines is allowed or denied
depending on the OneCommand Manager secure management status of the machines,
and the domains to which the machines belong. The following tables list the behavior
(assuming appropriate user credentials are used).
Table 4-1 Secure Management User Privileges
Group Name
OneCommand Manager
Capability
ocmadmin Allows full active management of
local and remote adapters.
ocmlocaladmin Permits full active management of
local adapters only.
ocmuser Permits read-only access of local and
remote adapters.
ocmlocaluser Permits read-only access of local
adapters.
Table 4-2 Active Commands: machines on same domain
Remote Server
(Secure)
Remote Server
(Not Secure)
Client (Secure) Allowed Denied *
Client (Not Secure) Denied Allowed
Table 4-3 Active Commands: machines on different domain
Remote Server
(Secure)
Remote Server
(Not Secure)
Client (Secure) Denied** Denied *
Client (Not Secure) Denied Allowed