In Active Directory, a standard group object is used as a role group. A user who has CMC access is a member of the role group. To
give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC
card. The role and the privilege level is defined on each CMC card and not in the Active Directory. You can configure up to five role
groups in each CMC. The following table shows the default role group privileges.
Table 14. : Default Role Group Privileges
Role Group
1
2
3
4
5
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
NOTE: For more information about user privileges, see Types of Users.
Configuring standard schema Active Directory
To configure CMC for an Active Directory login access:
1.
On an Active Directory server (domain controller), open Active Directory Users and Computers Snap-in.
2.
Using the CMC Web interface or RACADM:
a. Create a group or select an existing group.
b. Configure the role privileges.
3.
Add the Active Directory user as a member of the Active Directory group to access CMC.
Extended schema Active Directory overview
Using the extended schema solution requires the Active Directory schema extension.
102
Default Privilege Level
None
None
None
None
None
Permissions Granted
•
CMC Login User
•
Chassis Configuration
Administrator
•
User Configuration
Administrator
•
Clear Logs Administrator
•
Chassis Control
Administrator (Power
Commands)
•
Server Administrator
•
Test Alert User
•
Debug Command
Administrator
•
Fabric A Administrator
•
CMC Login User
•
Clear Logs Administrator
•
Chassis Control
Administrator (Power
Commands)
•
Server Administrator
•
Test Alert User
•
Fabric A Administrator
CMC Login User
No assigned permissions
No assigned permissions
Bit Mask
0x00000fff
0x00000ed9
0x00000001
0x00000000
0x00000000