Guidelines for User Account Management
User Account Management Guideline | Description |
---|---|
Never Promote the Sharing of User Accounts | A separate account should always be created for each Oracle ILOM user. Oracle ILOM supports a maximum of 10 local user accounts. If you are managing a larger site and require more than 10 user accounts, you should consider using a third-party user authentication service such as LDAP or Active Directory. For more information about implementing user authentication in Oracle ILOM through an external authentication service, see Remote Authentication Services and Security Profiles. |
Select Conforming Names for Local User Accounts | When selecting a user name for a local Oracle ILOM user account, the user name must: |
Select Conforming Passwords for Local User Accounts | When selecting a password for a local Oracle ILOM user account, the password must: For further details about password management in Oracle ILOM, see Security Guidelines for Managing User Accounts and Passwords. |
Limit User Account Privileges Based on Job Role (Principles of Least Privilege) | The principle of least privilege states that, for good security practice, a user should be given only the privileges needed to perform his or her job. Over-ambitious granting of responsibilities, roles, and so on (especially early in the life cycle of an organization) can leave a system open to abuse. Review user privileges periodically to determine their relevance to the current job responsibilities of each user. Oracle ILOM lets you control the privileges of each user individually. Ensure that the appropriate user role permissions are assigned to each user account, based on job role. For details on how to create a user account with role-based privileges, see Create Local User Accounts With Role-Based Privileges. |
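
The periodic privilege review described above can be scripted. The following is an added example, not Oracle code: it checks a constructed account inventory against the one-account-per-user, 10-account and least-privilege guidelines. The inventory format and the job-to-role policy are hypothetical; the role letters (a, u, c, r, o, s) are Oracle ILOM's role codes and do not appear on this page.

```python
MAX_LOCAL_ACCOUNTS = 10          # local account limit stated on this page
VALID_ROLES = set("aucros")      # ILOM role letters (assumption, see lead-in)

# Hypothetical site policy: job role -> ILOM role letters that job needs.
JOB_POLICY = {"sysadmin": set("aucro"), "operator": set("cro"), "auditor": set("o")}

# Constructed inventory, one line per account: account,owners,job,roles
SAMPLE_INVENTORY = """\
root,alice,sysadmin,aucro
jsmith,jsmith,operator,aucro
mlee,mlee,auditor,o
console,bob;carol,operator,cro
kpatel,kpatel,,o
"""

def parse_inventory(text):
    """Turn inventory lines into dicts; owners are ';'-separated."""
    accounts = []
    for line in text.strip().splitlines():
        name, owners, job, roles = (f.strip() for f in line.split(","))
        accounts.append({"name": name, "owners": [o for o in owners.split(";") if o],
                         "job": job, "roles": set(roles)})
    return accounts

def audit(accounts, policy=JOB_POLICY, limit=MAX_LOCAL_ACCOUNTS):
    """Return (account, finding) tuples for each guideline violation."""
    findings = []
    if len(accounts) > limit:
        findings.append(("*", f"{len(accounts)} local accounts exceed the limit of {limit}"))
    for acct in accounts:
        name, roles = acct["name"], acct["roles"]
        if len(acct["owners"]) != 1:
            findings.append((name, f"not tied to one person ({len(acct['owners'])} owners)"))
        unknown = roles - VALID_ROLES
        if unknown:
            findings.append((name, "unknown role letters: " + "".join(sorted(unknown))))
        allowed = policy.get(acct["job"])
        if allowed is None:
            findings.append((name, "no job role on record to justify privileges"))
            continue
        excess = (roles & VALID_ROLES) - allowed
        if excess:
            findings.append((name, "excess roles for job: " + "".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for account, finding in audit(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{account}: {finding}")
```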