Go to main content

Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x

Exit Print View

Updated: April 2018
 
 

Assignable Oracle ILOM User Roles

During the creation of Oracle ILOM user accounts, a system administrator assigns a set of privileges that grants users access to discrete functions and operations within Oracle ILOM. These privileges in Oracle ILOM are known as user roles.

Oracle ILOM provides up to six predefined user roles. A system administrator can assign roles to grant privileges to a user or to revoke privileges from a user.

In addition to user roles, Oracle ILOM provides user profiles known as Administrator, Operator, and Advanced Roles. These user profiles enable a system administrator to assign multiple privileges at a time to a single user.

A system administrator can use the Administrator or Operator profile to assign a set of predefined user roles to a single user account. Or, a system administrator can configure the Advanced Roles profile to assign any of the six predefined user roles to a single account.

All user privileges are assignable to a user account from the web interface or the CLI. For a description of privileges granted by a single profile or a user role, see the following tables:

Table 10   Privileges Granted by a User Profile
Web Property
CLI Property
Privileges Granted by Profile
Administrator
administrator
The Administrator (administrator) profile is predefined with the following user roles.
  • Admin (a)

  • User Management (u)

  • Console (c)

  • Reset and Host Control (r)

  • Read-Only (o)

For a description of privileges granted by each user role, see Figure 11, Table 11, Privileges Granted by Individual User Roles.
Operator
operator
The Operator (operator) profile is predefined with the following user roles:
  • Console (c)

  • Reset and Host Control (r)

  • Read-Only (o)

For a description of privileges granted by each user role, see Figure 11, Table 11, Privileges Granted by Individual User Roles.
Advanced Roles
a|u|c|r|o|s
The Advanced Roles profile option is user-configurable from the web interface only. The Advanced Roles profile option enables system administrators to assign any of the following six user roles to a single user account:
  • Admin (a)

  • User Management (u)

  • Console (c)

  • Reset and Host Control (r)

  • Read-Only (o)

  • Service (s)

Note - The same six user roles (a|u|c|r|o|s) are individually assignable to a single user account from the CLI.

For a description of privileges granted by each user role, see Figure 11, Table 11, Privileges Granted by Individual User Roles.
Table 11   Privileges Granted by Individual User Roles
User Role
Privileges Granted
Admin (a)
The Admin (a) user role, when enabled, grants read and write permissions to all Oracle ILOM system management functions with the exception of the functions that would require the Admin (a) role to have these additional user roles enabled: User Management (u), Reset and Host Control (r), Console (c), and Service (s).
User Management (u)
The User Management (u) user role, when enabled, grants read and write permissions to all Oracle ILOM user management authentication features.
Console (c)
The Console (c) user role, when enabled, grants read and write permissions to perform these remote console management functions: remote console lock options, SP console history log options, launch and use Oracle ILOM Remote System Console, and launch and use Oracle ILOM Storage Redirection CLI.
Reset and Host Control (r)
The Reset and Host Control (r) user role, when enabled, grants read and write permissions to perform these host management functions: host boot device control, run and configure diagnostics utilities, reset SP, reset CMM, sub-component service actions, fault management actions, SPARC TPM management actions, and SNMP MIB download operation.
Read-Only (o)
The Read-Only (o) user role grants read-only permissions to view the state of all Oracle ILOM configuration properties and to change the account password assigned to the individual user account.
Service (s)
The Service (s) user role, when enabled, grants read and write permissions to assist Oracle service engineers if on-site service is required.
a|u|c|r|o
A combination of all these users roles (aucro), when enabled, grants read and write permissions to perform backup and restore configuration functions in Oracle ILOM.