Lenovo RD220 - ThinkServer - 3798 User Manual page 43

If this field is left blank, the user is assigned a default of read-only
permissions, assuming that the user passes the user and group
authentication.
The attribute value that is returned by the LDAP server is searched for the
keyword string IBMRBSPermission=. This keyword must be immediately
followed by a bit string that is entered as 12 consecutive 0's or 1's. Each bit
represents a set of functions. The bits are numbered according to their
positions. The leftmost bit is bit position 0, and the rightmost bit is bit
position 11. A value of 1 at a position enables the function that is
associated with that position. A value of 0 disables that function. The string
IBMRBSPermission=010000000000 is a valid example.
The IBMRBSPermission= keyword is used to allow it to be placed
anywhere in the attribute field. This enables the LDAP administrator to
reuse an existing attribute, therefore preventing an extension to the LDAP
schema. This also enables the attribute to be used for its original purpose.
You can add the keyword string anywhere in the attribute field. The
attribute that you use should allow for a free-formatted string.
When the attribute is retrieved successfully, the value that is returned by
the LDAP server is interpreted according to the following information:
v Deny Always (bit position 0): If this bit is set, the user always fails
authentication. This function can be used to block a user or users who
are associated with a particular group.
v Supervisor Access (bit position 1): If this bit is set, the user is given
administrator privileges. The user has read and write access to every
function. When this bit is set, bits 2 through 11 do not have to be set
individually.
v Read Only Access (bit position 2): If this bit is set, the user has
read-only access and cannot perform any maintenance procedures (for
example, restart, remote actions, and firmware updates) or modify
anything (using the save, clear, or restore functions). The Read Only
Access bit and all other bits are mutually exclusive, with the Read Only
Access bit having the lowest precedence. If any other bit is set, the Read
Only Access bit is ignored.
v Networking and Security (bit position 3): If this bit is set, the user can
modify the configuration on the Security, Network Protocols, Network
Interface, Port Assignments, and Serial Port pages.
v User Account Management (bit position 4): If this bit is set, the user
can add, modify, and delete users and change the Global Login Settings
in the Login Profiles page.
v Remote Console Access (bit position 5): If this bit is set, the user can
access the remote server console.
v Remote Console and Remote Disk (bit position 6): If this bit is set, the
user can access the remote server console and the remote disk functions
for the remote server.
v Remote Server Power/Restart Access (bit position 7): If this bit is set,
the user can access the power-on and restart functions for the remote
server. These functions are available in the Power/Restart page.
v Basic Adapter Configuration (bit position 8): If this bit is set, the user
can modify configuration parameters on the System Settings and Alerts
pages.
Chapter 3. Configuring the IMM
37