Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x

Updated: November 2019
 
 

Assignable Oracle ILOM User Roles

During the creation of Oracle ILOM user accounts, a system administrator assigns a set of privileges that grants users access to discrete functions and operations within Oracle ILOM. These privileges in Oracle ILOM are known as user roles.

Oracle ILOM provides up to six predefined user roles. A system administrator can assign roles to grant privileges to a user or to revoke privileges from a user.

In addition to user roles, Oracle ILOM provides user profiles known as Administrator, Operator, and Advanced Roles. These user profiles enable a system administrator to assign multiple privileges at a time to a single user.

A system administrator can use the Administrator or Operator profile to assign a set of predefined user roles to a single user account. Or, a system administrator can configure the Advanced Roles profile to assign any of the six predefined user roles to a single account.

All user privileges are assignable to a user account from the web interface or the CLI. For a description of privileges granted by a single profile or a user role, see the following tables:

Table 10   Privileges Granted by a User Profile

Web Property: Administrator
CLI Property: administrator
Privileges Granted by Profile: The Administrator (administrator) profile is predefined with the following user roles:
  • Admin (a)
  • User Management (u)
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
For a description of privileges granted by each user role, see Table 11, Privileges Granted by Individual User Roles.

Web Property: Operator
CLI Property: operator
Privileges Granted by Profile: The Operator (operator) profile is predefined with the following user roles:
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
For a description of privileges granted by each user role, see Table 11, Privileges Granted by Individual User Roles.

Web Property: Advanced Roles
CLI Property: a|u|c|r|o|s
Privileges Granted by Profile: The Advanced Roles profile option is user-configurable from the web interface only. The Advanced Roles profile option enables system administrators to assign any of the following six user roles to a single user account:
  • Admin (a)
  • User Management (u)
  • Console (c)
  • Reset and Host Control (r)
  • Read-Only (o)
  • Service (s)
Note - The same six user roles (a|u|c|r|o|s) are individually assignable to a single user account from the CLI.
For a description of privileges granted by each user role, see Table 11, Privileges Granted by Individual User Roles.

Table 11   Privileges Granted by Individual User Roles

User Role: Admin (a)
Privileges Granted: The Admin (a) user role, when enabled, grants read and write permissions to all Oracle ILOM system management functions with the exception of the functions that would require the Admin (a) role to have these additional user roles enabled: User Management (u), Reset and Host Control (r), Console (c), and Service (s).

User Role: User Management (u)
Privileges Granted: The User Management (u) user role, when enabled, grants read and write permissions to all Oracle ILOM user management authentication features.

User Role: Console (c)
Privileges Granted: The Console (c) user role, when enabled, grants read and write permissions to perform these remote console management functions: remote console lock options, SP console history log options, launch and use Oracle ILOM Remote System Console, and launch and use Oracle ILOM Storage Redirection CLI.

User Role: Reset and Host Control (r)
Privileges Granted: The Reset and Host Control (r) user role, when enabled, grants read and write permissions to perform these host management functions: host boot device control, run and configure diagnostics utilities, reset SP, reset CMM, sub-component service actions, fault management actions, SPARC TPM management actions, and SNMP MIB download operation.

User Role: Read-Only (o)
Privileges Granted: The Read-Only (o) user role grants read-only permissions to view the state of all Oracle ILOM configuration properties and to change the account password assigned to the individual user account.

User Role: Service (s)
Privileges Granted: The Service (s) user role, when enabled, grants read and write permissions to assist Oracle service engineers if on-site service is required.

User Role: a|u|c|r|o
Privileges Granted: A combination of all these user roles (aucro), when enabled, grants read and write permissions to perform backup and restore configuration functions in Oracle ILOM.
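
The profile and role tables above can be turned into a least-privilege check over an account inventory. The following is an added example, not Oracle code: the account names, the role values, the approved baselines and the Read-Only default for accounts without a baseline are all constructed assumptions.

```python
# Added example: audit role assignments against Tables 10 and 11.
PROFILES = {"administrator": "aucro", "operator": "cro"}   # Table 10
ROLE_NAMES = {"a": "Admin", "u": "User Management", "c": "Console",
              "r": "Reset and Host Control", "o": "Read-Only", "s": "Service"}
BACKUP_RESTORE = set("aucro")   # Table 11: all five roles are required together

def expand_roles(value):
    """Return the set of role letters for a profile name or a role string."""
    text = value.strip()
    # Profile names expand to their predefined roles; "a|u|c" notation is tolerated.
    letters = PROFILES.get(text.lower(), text.replace("|", ""))
    roles = set(letters)
    if not roles or roles - set(ROLE_NAMES):
        raise ValueError(f"{value!r} is not a profile or a string of a/u/c/r/o/s")
    return roles

def audit(accounts, approved):
    """Compare assigned roles with the approved baseline per account.

    accounts: {user: profile name or role string}
    approved: {user: approved roles}; missing users default to Read-Only
              (an assumption of this example).
    Returns a list of (user, finding) tuples ordered by user name.
    """
    findings = []
    for user, value in sorted(accounts.items()):
        try:
            roles = expand_roles(value)
        except ValueError as exc:
            findings.append((user, f"invalid role value: {exc}"))
            continue
        excess = roles - expand_roles(approved.get(user, "o"))
        if excess:
            names = ", ".join(ROLE_NAMES[r] for r in sorted(excess))
            findings.append((user, f"excess roles: {names}"))
        if "s" in roles:
            findings.append((user, "Service (s) role enabled"))
        if BACKUP_RESTORE <= roles:
            findings.append((user, "can back up and restore the configuration"))
    return findings

# Constructed sample inventory and baseline, not taken from a real system.
ACCOUNTS = {"alice": "administrator", "bob": "operator",
            "carol": "aucros", "dave": "ax", "erin": "a"}
APPROVED = {"alice": "aucro", "bob": "o", "carol": "aucro"}

if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, APPROVED):
        print(f"{user}: {finding}")
```

Note that an account holding only Admin (a) is reported without the backup and restore capability, which matches Table 11: that function needs the full aucro combination.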