Assignment of Role-Based Privileges
All Oracle ILOM user accounts are assigned a set of role-based
privileges. These role-based privileges provide access to discrete
features within Oracle ILOM. It is possible to configure a user
account so that the user can monitor the system but cannot make
any configuration changes. Or, you can allow a user to modify most configuration
options, with the exception of creating and modifying user accounts.
It is also possible to restrict who can control the server power
and who can access the remote console. It is important to understand
the privilege levels and to assign them appropriately to users in
the organization.
The following table defines a list of privileges you can assign
to an individual Oracle ILOM user account.
Table 7 User Account Privilege Descriptions

| Privilege | Description |
| --- | --- |
| Admin (a) | Enables a user to change all Oracle ILOM configuration options, except for those configuration options expressly authorized by other privileges (such as User Management). |
| User Management (u) | Enables a user to add and remove users, change user passwords, and configure authentication services. A user with this role can create a second user account with all privileges and, therefore, this role has the highest level of privileges of all user roles. |
| Console (c) | Enables a user to access the host console remotely. This remote console access might allow the user to access the BIOS or OpenBoot PROM (OBP), which gives the user the ability to change boot behavior as a way to gain access to the system. |
| Reset and Host Control (r) | Enables a user to control host power and reset Oracle ILOM. |
| Read-only (o) | Enables a user to have read-only access to the Oracle ILOM user interfaces. All users have this access, which entitles a user to read logs and environmental information, as well as view configuration settings. |
For more information about creating a local user account and
assigning role-based privileges, see Create Local User Accounts With Role-Based Privileges.
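
The following Python script is an added example, not part of the Oracle documentation. It audits accounts against the privilege table above, treating User Management as a path to every other role. It assumes each account's roles are available as a string of the letters from the table (for example `cro`); the account names and the approved-role mapping are constructed for illustration.

```python
# Role letters as defined in Table 7.
ROLES = {"a": "Admin", "u": "User Management", "c": "Console",
         "r": "Reset and Host Control", "o": "Read-only"}

def effective_roles(role_string):
    """Return the set of role letters an account can actually reach."""
    granted = set(role_string.lower())
    unknown = granted - set(ROLES)
    if unknown:
        raise ValueError(f"unknown role letter(s): {sorted(unknown)}")
    granted.add("o")  # every account has read-only access
    # User Management can create a second account with all privileges.
    return set(ROLES) if "u" in granted else granted

def audit(accounts, approved):
    """Compare configured roles with the roles the organization approved.

    Both arguments map user name -> role string. Users missing from
    `approved` are treated as approved for read-only access only.
    Returns a sorted list of (user, finding) tuples.
    """
    findings = []
    for user, configured in accounts.items():
        nominal = set(configured.lower()) | {"o"}
        reach = effective_roles(configured)
        excess = reach - effective_roles(approved.get(user, "o"))
        if excess:
            names = ", ".join(ROLES[r] for r in "aucro" if r in excess)
            findings.append((user, "exceeds approval: " + names))
        # A role string such as "uo" looks limited but is not.
        if "u" in nominal and nominal != set(ROLES):
            findings.append(
                (user, "User Management hides a path to all privileges"))
    return sorted(findings)

# Constructed sample inventory (hypothetical account names).
SAMPLE_ACCOUNTS = {"monitor1": "o", "helpdesk": "uo",
                   "operator": "cro", "netadmin": "aco"}
SAMPLE_APPROVED = {"monitor1": "o", "helpdesk": "uo",
                   "operator": "ro", "netadmin": "aco"}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_ACCOUNTS, SAMPLE_APPROVED):
        print(f"{user}: {finding}")
```
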