Welcome to OpenManaged Enterprise.
In this video, we’ll show you how to create a local user in OpenManage Enterprise and assign roles and scopes to manage access. OpenManage Enterprise uses Role-Based Access Control, also called RBAC, to define what users can do. There are three built in roles. The Administrator role gives full access to all features.
The Device Manager role allows users to manage devices. The Viewer role provides read only access. Administrators can also create custom rules with specific privileges and assign them to users for more tailored access. Next, let's talk about Scope-Based Access Control, or SBAC. SBAC extends RBAC by limiting which device groups or devices a user can access.
This means a device manager or a custom role user only sees the devices they need to manage. Before you start, here are a few important things to keep in mind. First, you need to be logged in as an administrator and manage users and roles. The appliance can have up to 1000 user accounts. Any changes to a user's role only take effect after that user logs in again.
If you change your device manager to a viewer, they will lose access to all the entities they previously owned, such as jobs, templates and policies. These will not be restored if you promote the role again later. Users who have RSA enabled cannot make REST API calls to the appliance or its plugins. If you need API access, use a separate user account.
Finally, usernames in OpenManage Enterprise are case sensitive, even if they are not case sensitive on the RSA server. To create a new user, go to Application Settings and select Users. Then click Add. From the User Role menu, choose a predefined role such as Administrator, Device Manager or Viewer. If a custom role is available, you can select that if needed. For device managers or custom roles, the default scope is All Devices.
If you want to limit access how to user scope and choose Select Groups, then pick the device groups the user should have access to. Once you finish selecting the device groups, click OK. Next type in the username and password that the user will use to access the appliance. Make sure both follow the recommended guidelines. Usernames could include letters, numbers, and a variety of special characters. Passwords must be at least eight characters long.
They need to include at least one uppercase letter, one lowercase letter, one number, and one special character. You can also enable RSA SecureID for multi-factor authentication. Keep in mind that only super administrators can enable or disable this for themselves.
When you're done, click Finish to save the user. A job will run in the background and the new user will appear in the list. By default, a newly created user is enabled and can start performing management tasks in OpenManage Enterprise. If you need to disable a user, select the checkbox next to their name and click Disable.
To enable the user again, select the checkbox and click Enable. A checkmark in the Enable column means the user is active. If the user is already in the selected state, either enabled or disabled, the corresponding button will appear grayed out. To delete a user, select the check box next to their name and click Delete. For more information or assistance on OpenManage Enterprise, visit: Dell.com/Support.
