Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Assignment of Role-Based Privileges

All Oracle ILOM user accounts are assigned a set of role-based privileges. These role-based privileges provide access to discrete features within Oracle ILOM. It is possible to configure a user account so that the user can monitor the system but cannot make any configuration changes. Or, you can allow a user to modify most configuration options, with the exception of creating and modifying user accounts. It is also possible to restrict who can control the server power and who can access the remote console. It is important to understand the privilege levels and to assign them appropriately to users in the organization.

The following table defines a list of privileges you can assign to an individual Oracle ILOM user account.

Table 7  User Account Privilege Descriptions
Role
Description
Admin (a)
Enables a user to change all Oracle ILOM configuration options, except for those configuration options expressly authorized by other privileges (such as User Management).
User Management (u)
Enables a user to add and remove users, change user passwords, and configure authentication services. A user with this role can create a second user account with all privileges and, therefore, this role has the highest level of privileges of all user roles.
Console (c)
Enables a user to access the host console remotely. This remote console access might allow the user to access the BIOS or OpenBoot PROM (OBP), which gives the user the ability to change boot behavior as a way to gain access to the system.
Reset and Host Control (r)
Enables a user to control host power and reset Oracle ILOM.
Read-only (o)
Enables a user to have read-only access to the Oracle ILOM user interfaces. All users have this access, which entitles a user to read logs and environmental information, as well as view configuration settings.

For more information about creating a local user account and assigning role-based privileges, see Create Local User Accounts With Role-Based Privileges.