Using Multiple Roles - HP Integrated Lights-Out User Manual

HP Integrated Lights-Out User Guide

When using Microsoft® Active Directory, it is possible to place one group
within another, creating nested groups. Role objects are considered groups and
can include other groups directly. Add the existing nested group directly to the
role, and assign the appropriate rights and restrictions. New users can be added
to either the existing group or the role.

Novell eDirectory does not allow nested groups. In eDirectory, any user that can
read a role is considered a member of that role. When adding an existing group,
organizational unit, or organization to a role, add the object as a read trustee
of the role. All the members of the object are considered members of the role.
New users can be added to either the existing object or the role.

When using trustee or directory rights assignments to extend role membership,
users must be able to read the LOM object representing the LOM device. Some
environments require the same trustees of a role to also be read trustees of the
LOM object to successfully authenticate users.

Using Multiple Roles

Most deployments do not require the same user to be in multiple roles managing
the same device. However, these configurations are useful for building complex
rights relationships. When building multiple-role relationships, users receive all
the rights assigned by every applicable role. Roles can only grant rights, never
revoke them. If one role grants a user a right, then the user has the right, even if
the user is in another role that does not grant that right.

Typically, a directory administrator creates a base role with the minimum
number of rights assigned and then creates additional roles to add additional
rights. These additional rights are added under specific circumstances or to a
specific subset of the base role users.

For example, an organization can have two types of users: administrators of the
LOM device or host server, and users of the LOM device. In this situation, it
makes sense to create two roles, one for the administrators and one for the users.
Both roles include some of the same devices but grant different rights.
Sometimes, it is useful to assign generic rights to the lesser role and include the
LOM administrators in that role, as well as the administrative role.
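
The union rule described above, as an added example that is not part of the HP guide: a small Python model that resolves nested groups (the Active Directory case) and reports which roles grant each right a user holds on a device. All role, group, user, device and right names are constructed for illustration and are not iLO identifiers.

```python
from dataclasses import dataclass

@dataclass
class Role:
    name: str
    members: set   # users or groups placed directly in the role
    devices: set   # LOM devices the role manages
    rights: set    # rights the role grants on those devices

def expand(principals, groups, seen=None):
    """Resolve nested groups down to users; `seen` stops membership loops."""
    seen = set() if seen is None else seen
    users = set()
    for p in principals:
        if p not in groups:
            users.add(p)                      # a plain user
        elif p not in seen:
            seen.add(p)
            users |= expand(groups[p], groups, seen)
    return users

def granting_roles(user, device, roles, groups):
    """Map each right the user holds on the device to the roles granting it."""
    grants = {}
    for role in roles:
        if device in role.devices and user in expand(role.members, groups):
            for right in role.rights:
                grants.setdefault(right, []).append(role.name)
    return grants

def effective_rights(user, device, roles, groups):
    """Union of all grants: roles only add rights, none can take one away."""
    return set(granting_roles(user, device, roles, groups))

# Constructed sample directory (every name here is hypothetical).
GROUPS = {
    "Ops": {"carol"},
    "LOM-Admins": {"alice", "Tier2"},
    "Tier2": {"bob", "LOM-Admins"},           # loops back; expand() copes
}
ROLES = [
    Role("lom-users", {"Ops", "LOM-Admins"},
         {"ilo-web01", "ilo-db01"}, {"login", "remote_console"}),
    Role("lom-admins", {"LOM-Admins"},
         {"ilo-db01"}, {"login", "configure_settings", "virtual_power"}),
]

if __name__ == "__main__":
    for user in ("carol", "bob"):
        found = granting_roles(user, "ilo-db01", ROLES, GROUPS)
        for right, names in sorted(found.items()):
            print(f"{user} on ilo-db01: {right} <- {', '.join(names)}")
```

Because rights are a union, taking a right away from a user means changing every role listed for that right, not just one of them.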
