Creating Multiple Restrictions And Roles - HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91

Creating multiple restrictions and roles

The most useful application of multiple roles is restricting one or more roles so that their rights do not apply in all situations, while other roles provide different rights under different constraints. Using multiple restrictions and roles lets the administrator build arbitrary, complex rights relationships with a minimum number of roles.

For example, an organization might have a security policy in which LOM administrators are allowed to use the LOM device from within the corporate network but are only able to reset the server outside of regular business hours.

Directory administrators might be tempted to create two roles to address this situation, but extra caution is required. Creating a role that provides the required server reset rights and restricting it to after-hours use might allow administrators outside the corporate network to reset the server, which is contrary to most security policies.

In the example, the security policy dictates that general use is restricted to clients within the corporate subnet, and that server reset capability is additionally restricted to after hours.

Alternatively, the directory administrator could create a role that grants the login right and restrict it to the corporate network, then create another role that grants only the server reset right and restrict it to after-hours operation. This configuration is easier to manage but more dangerous, because ongoing administration might create another role that grants users from addresses outside the corporate network the login right. That could unintentionally give the LOM administrators in the Reset role the ability to reset the server from anywhere, provided they satisfy the time constraints of that role.

The previous configuration meets corporate security policy. However, adding another role that grants the login right can inadvertently grant server reset privileges from outside the corporate subnet after hours. A more manageable solution is to restrict the Reset role as well as the General Use role.
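The following is an added example, not HP code or a description of the iLO implementation: a small model in which a session's effective rights are the union of the rights of every role whose restrictions it satisfies. It walks through the three configurations above (General Use restricted to the corporate subnet plus an unrestricted-by-network Reset role, the same setup after an unrestricted login role is added, and the hardened version with the Reset role also restricted to the subnet). The subnet 10.0.0.0/8, the after-hours window 18:00 to 08:00, and the rule that a reset needs both the login and reset rights are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model of directory role evaluation (assumption, not iLO's code):
# a role contributes its rights only when every restriction on it is satisfied.
@dataclass
class Role:
    name: str
    rights: frozenset
    networks: tuple = ()   # allowed client subnets; empty means any address
    hours: tuple = None    # (start, end) hour window, 24h; None means any time

    def applies(self, client_ip, hour):
        ip = ip_address(client_ip)
        if self.networks and not any(ip in net for net in self.networks):
            return False
        if self.hours is None:
            return True
        start, end = self.hours
        if start <= end:
            return start <= hour < end
        return hour >= start or hour < end   # window wraps past midnight

def effective_rights(roles, client_ip, hour):
    granted = set()
    for role in roles:
        if role.applies(client_ip, hour):
            granted |= role.rights
    return granted

def can_reset(roles, client_ip, hour):
    # Assumption: resetting the server needs both the login and reset rights.
    return {"login", "reset"} <= effective_rights(roles, client_ip, hour)

CORPORATE = ip_network("10.0.0.0/8")   # constructed corporate subnet
AFTER_HOURS = (18, 8)                  # 18:00 until 08:00 the next day

# The "easier to manage" setup: only General Use carries the subnet restriction.
GENERAL_USE = Role("General Use", frozenset({"login"}), networks=(CORPORATE,))
RESET = Role("Reset", frozenset({"reset"}), hours=AFTER_HOURS)
INITIAL = [GENERAL_USE, RESET]

# Later administration adds a login role with no network restriction.
REMOTE_LOGIN = Role("Remote Login", frozenset({"login"}))
DRIFTED = INITIAL + [REMOTE_LOGIN]

# Hardened: the Reset role is restricted to the corporate subnet as well.
RESET_RESTRICTED = Role("Reset", frozenset({"reset"}), networks=(CORPORATE,), hours=AFTER_HOURS)
HARDENED = [GENERAL_USE, RESET_RESTRICTED, REMOTE_LOGIN]

if __name__ == "__main__":
    for label, roles in (("initial", INITIAL), ("drifted", DRIFTED), ("hardened", HARDENED)):
        print(label, "reset from 203.0.113.5 at 20:00 ->", can_reset(roles, "203.0.113.5", 20))
```

Only the drifted configuration allows a reset from the outside address after hours; the initial and hardened ones refuse it, while all three still allow an in-subnet reset during the after-hours window.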
Directory-enabled remote management 139
