Knowledge Base

OpenManage Power Center Access Control (Managing User Accounts)



OpenManage Power Center Access Control (Managing User Accounts)
This chapter provides information about access control in Dell OpenManage Power Center, including:

  • Log in/Log out — Log into Power Center by entering user account credentials.
  • User/Role/Privilege Management — After logging in, you can manage user accounts from the Settings → User and Group Accounts area of the management console. Power Center provides role-based access control; to use these controls, set up roles first, and then define the privileges for each role. Then, you can set up Power Center accounts and assign them to different roles.
  • Licensing — Power Center requires a valid license. Once the trial license expires, you will be required to import a permanent license.

About Authentication
Power Center supports both Power Center users and Windows and Linux users.
For cross-domain authentication, domains must be two-way transitively trusted by the domain in which the Power Center server is installed. Authentication of user accounts in domains that are one-way trusted or not trusted by the domain in which the Power Center server is installed is not supported and may fail.

Logging In
Dell OpenManage Power Center supports both Power Center-managed users and authenticated Windows and Linux users.

Logging In With A User Name And Password
To log into Dell OpenManage Power Center with a user name and password, use one of the following accounts:

NOTE: When logging into Power Center for the first time following installation, you must use the Power Center user account created during installation.

  • Power Center Account — You can create this account in Power Center. When logging into Power Center for the first time, you must use the Power Center user account created during installation.
    NOTE: Before logging into Power Center using either the Windows domain or the Windows local account, you must add the account into Power Center by accessing the Settings → User And Group Accounts screen.
    NOTE: You cannot log into Power Center using SSO on the Power Center server. You only can log into Power Center using SSO remotely.
    NOTE: You must add the SSO user account to Power Center before you can log in using SSO. You will skip the login page and enter the Home page directly using SSO.
  • Windows Domain Account — Windows domain account.
  • Windows Local Account — Windows local account on the Power Center server.
  • Linux Local Account — Linux local account on the Power Center server.  
    NOTE: Power Center requires that SSL is enabled at the LDAP server, otherwise authentication attempts will fail
    NOTE: LDAP authentication must be enabled in the Directory Settings screen.
  • LDAP Account

Logging In With A Power Center Account

  1. Enter the User Name and Password of the OpenManage Power Center account.
  2. Select OMPC Account (default) from the Login using drop-down list 
  3. Click Login.

Logging In With A Windows Domain Account

  1. Enter the User Name and Password of the Windows domain account.
  2. Select Windows Domain Account from the Login using drop-down list.
  3. Enter the Domain name for the Windows domain account.
  4. Click Login.

Logging In With A Windows Local Account

  1. Enter the User Name and Password of the Windows local account. 
  2. Select Windows Local Account from the Login using drop-down list. 
  3. Click Login.

Logging In With A Linux Local Account

  1. Enter the User Name and Password of the Linux local account.
  2. Select Linux Local Account from the Login using drop-down list.
  3. Click Login. 

Logging In With An LDAP Account 

NOTE: The LDAP Account type is only available when LDAP authentication has been enabled in Directory Settings.
  1. Enter the User Name and Password of the LDAP account.
  2. Select LDAP Account from the Login using drop-down list. 
  3. Click Login. 

Logging In With Single Sign-on (SSO)
SSO uses centralized authentication servers that other applications and systems use for authentication purposes together with other techniques to ensure that users do not actively have to enter their credentials more than once. Kerberos SSO requires specific settings for web browsers. Configure your web browser for SSO support. For more information, see configuration steps for Internet Explorer 9 in Configuring Web Browsers For Single Sign-on, or for instructions on SSO configuration in other web browsers, consult the appropriate browser help documentation.
The following is an example of configuration steps in Microsoft Internet Explorer 9:

NOTE: Kerberos SSO may not work if you launch Power Center services using an account other than Network Service.


Single Domain Environment
You can set up a single domain environment with the following components:

  • Domain Controller — AD server that supports the domain (parent and child)
  • Power Center Server — Server with Power Center installed
  • Power Center Client — Client server that connects to the Power Center server

To set up the Kerberos SSO single domain environment, install Power Center for logging on with SSO and configure your web browser for SSO.

Installing Power Center For Logging On With Single Sign-on
When installing Power Center:

  1. Set up a Realm Name. You must enter a Fully Qualified Domain Name (FQDN) of the Realm—for example, dcm.dell.com.
  2. Set up Microsoft Active Directory (AD) domain controller addresses—for example, 192.168.0.250. Separate multiple addresses with a comma. 
  3. Specify a domain user for dcm.dell.com as Power Center server’s domain account for Kerberos SSO—for example, "Tom" and Tom’s password. The user account you specify must be an existing and valid domain user account.

Configuring Web Browsers For Single Sign-on
To enable Kerberos Single Sign-on (SSO), you must configure your web browser to support the feature.

NOTE: To correctly set up Kerberos SSO, the date and time on all involved computers must be consistent and DNS configuration must be correct.

To support SSO in Internet Explorer, you must add the Power Center server as a local Intranet site.
The following is an example of the configuration steps in Microsoft Internet Explorer 9:

  1. Go to Internet Explorer 9 → Internet Options → Security → Local Intranet, and click Sites.
    The Local Intranet window opens.
  2. Click Advanced.
  3. Add your Power Center site into Local Intranet—for example, server1.dcm.dell.com. 

Multiple Domain Environment
Set up a multiple domain environment with the following components:

  • Domain Controller — There can be several Windows Active Directory (AD) domain controllers; for example, a parent domain and many child domains.
  • Power Center Server — This is the server with Power Center installed. It is an AD domain controller.
  • Power Center Client — The client server connects to the network of the Power Center server. 

To set up the Kerberos SSO multiple domain environment:

  1. Install Power Center for SSO
  2. Configure your web browser for SSO.

Windows NT LAN Manager (NTLM) Authentication Limitation
Dell OpenManage Power Center supports Kerberos SSO for Windows domain user authentication. To enable this feature, Power Center is configured to support the Windows integrated authentication option which includes two authentication mechanisms: Kerberos and NTLM .
NTLM is not supported in Power Center. If the client’s web browser uses NTLM to authenticate domain users for Power Center, there are some limitations.
The web browser displays a message box requiring a Windows user name and password.

  1. If you click OK after entering a user name and password, whether the information is correct or not, the Power Center login page displays and requires you to authenticate through the login page.
  2. If you click Cancel, an HTTP Status 401 failure displays, and you cannot log into Power Center.

Logging Out
To log out of Dell OpenManage Power Center when not logged in through Kerberos SSO, click Logout at the upper right corner of the management console.
When logged in through Kerberos SSO, close the web browser or the Power Center management console to log out. Clicking Logout will not work.

Managing User Roles And Privileges
Dell OpenManage Power Center supports three pre-defined roles:

  • Administrator: All privileges
  • Power User: All privileges except Manage role/user and Manage license
  • Guest: View device/group privileges only

These pre-defined roles cannot be edited or deleted. 

NOTE: Only users with the Role/User Management privilege can add, edit, or delete a role or user or group account.


Adding A Custom Role

  1. Click Settings → Roles in the left navigation pane.
  2. The Settings > Roles screen opens.
  3. Click Add a Role in the task menu.
  4. The Add Role screen opens.
  5. Enter a unique Role Name that is fewer than 50 characters.
  6. Optionally, enter a Role Description that is less than 1024 characters.
  7. Select the privileges you want to assign to the role.
  8. Click Save to add the custom role, or click Cancel to discard your changes.

Editing A Role 

NOTE: You cannot edit a pre-defined role.

  1. Click Settings → Roles in the left navigation pane.
  2. Place a check mark in the check box beside the role you want to edit, then click Edit.
    The Edit Role screen opens.
  3. Make any changes required to the Role Name, Role Description, and Select Privileges fields for this role. 
  4. Click Save to save your changes, or click Cancel to discard them. 

Deleting A Role

  1. Click Settings → Roles in the left navigation pane.
  2. Place a check mark in the check box beside the role you want to delete, then click Delete. 
  3. Click Yes to confirm the deletion, or click No to discard the delete task.

Privileges
Each pre-defined role is associated with a set of specific privileges. Additionally, you can create custom roles with one or more of the following privileges:

  • Global Configuration 
  • Role/User Management 
  • View Device and Group Information
  • Manage Device and Group
  • Manage Policy 
  • Manage Event
  • Manage License

Every Power Center screen functions differently depending on the privilege level assigned to a user account:

  • Fully functional—User can view and edit all.
  • Partially functional—User can partially view or edit.
  • Not functional—User sees a blank page.

Global Configuration
The Global Configuration privilege enables a user to change the Power Center global configuration—for example, the sampling interval and database settings. Users without this privilege can only view part of the Settings page, and cannot make any changes (the Edit option is not available).

Manage Role/User
Users with the Manage Role/User privilege can:

  • Create roles
  • Delete roles
  • Update roles
  • Create users
  • Delete users
  • Update users

Users without this privilege can only view their own user account information and update the password.

View Device/Group
The View Device/Group privilege enables a user to view all device and group information. Users without this privilege cannot view device or group information; they can only view the Settings page.
Users with only the View Device/Group privilege have the following restrictions:

  • The Run Discovery task is not available.
  • Add/Edit/Delete functionality is disabled on the Devices screen.

Manage Device/Group
The Manage Device/Group privilege enables a user to:

  • Create groups
  • Create a Data Center/Room/Aisle/Rack/Device
  • Associate Data Center/Room/Aisle/Rack/Device/Group
  • Manage a device
  • Remove a device/group from the Device List
NOTE: When you assign the Manage Device/Group privilege to a user, Power Center automatically assigns the View Device/Group privilege to this user as well. Users without this privilege can view all devices and group information, but cannot add/delete/edit/manage the devices and groups.


Manage Policy

The Manage Policy privilege enables a user to:

  • Add/remove a policy
  • Update a policy
  • Start/stop Emergency Power Reduction on a device or group 
NOTE: To manage a policy, you must also have the View Device/Group privilege. Users without this privilege cannot see the Policies screen.


Manage Event
The Manage Event privilege enables a user to:

  • Add/Remove an event condition (threshold)
  • Update an event condition (threshold)
  • Remove an event
NOTE: To manage an event, you must also have the View Device/Group privilege. Users without this privilege can view event information and add comments to events, but cannot delete events or see the Thresholds values from the Devices screen.


Managing User Accounts
You can create users and assign them to different roles.
If you have the Manage Role/User privilege, you can add/edit/delete a user in Power Center.

Adding A User Account

  1. Click Settings → User and Group Accounts in the left navigation pane.
    NOTE: If OpenManage Power Center is installed on a Windows Active Domain Controller server, every user account added on this server should be a Windows Domain Account.
  2. Click Add a User/Group.
    The Add a User or Group Account window opens.
  3. Click the radio button next to A user.
  4. Select an Account Type and enter the required credentials:

For both Windows and Linux installations:

OMPC Account

  1. Enter a unique User Name for the account.
  2. Enter a Password that is at least 8 characters long and includes characters from at least three of the following categories: uppercase, lowercase, numeric, and non-alphanumeric.
  3. Re-enter the password to verify.

For a Windows installation:
Windows Local Account---Enter a unique User Name for the account.

NOTE: If Power Center is installed on a Windows 2012 Essential server and the server is configured as a Domain controller, all user accounts on the server should be Windows Domain Accounts, and not Windows Local Accounts.

  1. Windows Domain Account
  2. Enter a unique User Name for the account.
  3. Enter a valid Windows Domain Name.

For a Linux installation:
Linux Local Account---Enter a unique User Name for the account

NOTE: While Linux Local Accounts can be changed from the Linux server, these changes will not be mirrored in the same local account that was added to Power Center, and Power Center authentication attempts on this account will fail. To keep the Linux Local Account in sync between Power Center and the Linux server when the local account is changed from Linux, the original account must be deleted from Power Center and the changed account must be created in Power Center as a new Linux Local Account.


4. LDAP Account---Enter a unique User Name for the account.

NOTE: A user description is useful when there are two users with the same user name. Two user accounts with the same user name are only possible where the user types differ.

5. Enter a description of this user account (optional).

6. Select between one and four user and group roles.

7. Click Save to add the user account, or click Cancel to discard your changes. 

Adding A Group Account

  1. Click Settings → User and Group Accounts in the left navigation pane.
  2. Click Add a User/Group.
    The Add a User or Group Account window opens.
  3. Click the radio button next to A group.
  4. Select a group Account Type.
  5. Enter a unique Group Name. If you selected the Windows Domain Group account type, also enter a valid Windows Domain name.
  6. Enter a description of the group account (optional).
  7. Select between one and four user and group roles. If the role you want is not available in the drop-down list, click Create New to open the Create New Role wizard.
  8. Click Save to add the new group, or click Cancel to discard your changes.

Editing A User Or Group Account

  1. Click Settings → User and Group Accounts in the left navigation pane.
  2. Place a check mark beside the user or group account that you want to edit, then click Edit.
    The Edit a User or Group Account screen opens. 
  3. Make the changes desired, then click Save to save your changes, or click Cancel to discard them.

Deleting A User Or Group Account 

NOTE: You cannot delete the Power Center managed user (super user) created during installation.
  1. Click Settings → User and Group Accounts in the left pane.
  2. In the User and Group Accounts section, click Delete.
  3. Select the user or group account you want to delete.
  4. Click Apply to delete the selected accounts, or click Cancel to discard your changes. 

Changing A User Account Password

Do one of the following:

  1. Change the current user’s password.
    • In the upper right portion of the Power Center console, click the user account name under which you are currently logged in to Power Center. The Current User screen opens.
    • Enter the current password, enter the new password, and then enter it again to verify the new password.
    • Click Save to apply the new password, or click Cancel to discard your changes. 
  2. Change any user or group account password through the Settings > User and Group Accounts screen.
    • Click Settings → User And Group Accounts, and select the user account whose password you want to change.
    • Click Edit in the task menu.
    • Enter the new password. Enter the new password again to confirm.
    • Click Save to change the password, or click Cancel to discard your changes.

Viewing Current User Information
You can view current user information and update the current user’s password.
To view current user information, click the login user name in the upper-right corner of any page, or go to Settings → User And Group Accounts. Select the current user account from the list, and click Edit.

  1. Click Settings → User And Group Accounts, and select the user account whose password you want to change.
  2. Click Edit in the task menu.
  3. Enter the new password. Enter the new password again to confirm.
  4. Click Save to change the password, or click Cancel to discard your changes.




Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN283202

Last Date Modified: 08/07/2014 04:43 PM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.