Implementation of the DMTF Redfish API on Dell EMC PowerEdge Servers
iDRAC Redfish authentication and authorization requirements

| Redfish Actions | Authentication Required | Authorization Required |
|---|---|---|
| Read operation on any instrumentation data | Yes | Yes |
| Write operation on any instrumentation data | Yes | Yes |
| Execute operation on any instrumentation data | Yes | Yes |
| View Service root | No | No |
| View Metadata document | No | No |
| View OData Service Document | No | No |
| View Message Registry | No | No |

Unlike certain management interfaces that restrict authentication to a single command, the Redfish Service
provides access to Redfish URIs by using two methods:

- Basic authentication: In this method, user name and password are provided for each Redfish API
  request.
- Session based authentication: This method is used when issuing multiple Redfish operation
  requests.
  - Session login is initiated by accessing the Create session URI. The response for this request
    includes an “X-Auth-Token” header with a session token. Authentication for subsequent requests
    is made using this “X-Auth-Token” header.
  - Session logout is performed by issuing a DELETE of the Session resource provided by the Login
    operation, including the X-Auth-Token header.
  - Using this approach, Redfish supports multiple transactions within a session with the help of
    X-Auth-Token, session token and Location headers.
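
The session flow described above, as an added example that is not part of the original white paper or Dell's own code. It assumes the DMTF-standard session collection path /redfish/v1/SessionService/Sessions and the standard UserName/Password login body, neither of which is stated on this page; the class name and the injectable opener parameter are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urljoin

# Assumption: DMTF-standard session collection path (not given on this page).
SESSIONS_PATH = "/redfish/v1/SessionService/Sessions"


class RedfishSession:
    """One login, token-authenticated requests, and a guaranteed logout."""

    def __init__(self, base_url, username, password, opener=urllib.request.urlopen):
        self.base_url = base_url
        self._creds = {"UserName": username, "Password": password}
        self._open = opener        # injectable so the flow can be exercised offline
        self._token = None
        self._session_uri = None

    def __enter__(self):
        # Session login: POST credentials once to the Create session URI.
        req = urllib.request.Request(
            urljoin(self.base_url, SESSIONS_PATH),
            data=json.dumps(self._creds).encode(),
            headers={"Content-Type": "application/json"},
            method="POST",
        )
        with self._open(req) as resp:
            self._token = resp.headers.get("X-Auth-Token")
            location = resp.headers.get("Location")
        if not self._token or not location:
            raise RuntimeError("login response lacked X-Auth-Token or Location")
        self._creds = None         # the password is not needed after login
        self._session_uri = urljoin(self.base_url, location)
        return self

    def get(self, path):
        # Subsequent requests authenticate with the token, not the password.
        req = urllib.request.Request(
            urljoin(self.base_url, path), headers={"X-Auth-Token": self._token})
        with self._open(req) as resp:
            return json.loads(resp.read())

    def __exit__(self, *exc):
        # Session logout: DELETE the Session resource named by Location.
        req = urllib.request.Request(
            self._session_uri, headers={"X-Auth-Token": self._token}, method="DELETE")
        try:
            with self._open(req):
                pass
        finally:
            self._token = None     # drop the token even if the DELETE fails
        return False
```

The default opener, urllib.request.urlopen, verifies the server certificate for https URLs; keep that verification enabled, since both the login body and the token are bearer secrets on the wire.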
2.6.4 Privileges
Privilege model requirements are aligned to the Redfish specification and schema. The following table shows
the relationship between Redfish Privileges and native iDRAC Privileges:

| Redfish Privileges | iDRAC Privileges |
|---|---|
| Login | Login |
| ConfigureManager | Config iDRAC |
| ConfigureUser | Config User |
| ConfigureManager | System Control |
| ConfigureComponents | Virtual Console |
| ConfigureComponents | Virtual Media |
| ConfigureManager | Clear Logs |

Mapping Redfish privileges to iDRAC privileges