Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC6 for Blade Servers Version 2.0
111112113114115116117118119120
118 Using iDRAC6 With Microsoft Active Directory
Accumulating Privileges Using Extended Schema
The Extended Schema Authentication mechanism supports Privilege
Accumulation from different privilege objects associated with the same user
through different Association Objects. In other words, Extended Schema
Authentication accumulates privileges to allow the user the super set of all
assigned privileges corresponding to the different privilege objects associated
with the same user.
Figure 6-2 provides an example of accumulating privileges using Extended
Schema.
Figure 6-2. Privilege Accumulation for a User
The figure shows two Association Objects—A01 and A02. User1 is associated
to iDRAC2 through both association objects. Therefore, User1 has
accumulated privileges that are the result of combining the privileges set for
objects Priv1 and Priv2 on iDRAC2.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs
and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test
Alerts. As a result, User1 now has the privilege set: Login to iDRAC,
Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the
combined privilege set of Priv1 and Priv2.
A01 A02
Group1 Priv1 Priv2
User1 User2 iDRAC1 iDRAC2
Domain 2Domain 1