CMC Login User
|
User can log in to CMC and view all the CMC data,
but cannot add or modify data or execute commands.
It
is possible for a user to have other privileges without the CMC Login
User privilege. This feature is useful when a user is temporarily
not allowed to log in. When that user’s CMC Login User privilege is
restored, the user retains all the other privileges previously granted.
|
Chassis Configuration Administrator
|
User can add or change data that:
-
Identifies the chassis, such as chassis name and
chassis location.
-
Is assigned specifically to the chassis, such as
IP mode (static or DHCP), static IP address, static gateway, and static
subnet mask.
-
Provides services to the chassis, such as date and
time, firmware update, and CMC reset.
-
Is associated with the chassis, such as slot name
and slot priority. Although these properties apply to the servers,
they are strictly chassis properties relating to the slots rather
than the servers themselves. For this reason, slot names and slot
priorities can be added or changed whether or not servers are present
in the slots.
-
Is associated with Active Directory (AD) such as managing AD certificate, and configuring AD groups, domains, and privileges.
When a server is moved to a different chassis,
it inherits the slot name and priority assigned to the slot it occupies
in the new chassis. The previous slot name and priority remain with
the previous chassis.
-
NOTE: CMC users with the
Chassis Configuration Administrator privilege can configure power
settings. However, the
Chassis Control Administrator privilege
is required to perform chassis power operations, including power on,
power off, and power cycle.
|
User Configuration Administrator
|
User can:
-
Add a new user.
-
Change the password of a user.
-
Change the privileges of a user.
-
Enable or disable the login privilege of a user but
retain the name and other privileges of the user in the database.
|
Clear Logs Administrator
|
User can clear the hardware log and CMC log. |
Chassis Control Administrator (Power Commands)
|
CMC users with the
Chassis Power Administrator privilege can perform all power-related operations. They can control
chassis power operations, including power on, power off, and power
cycle.
-
NOTE: To configure
power settings, the
Chassis Configuration Administrator privilege
is needed.
|
Server Administrator
|
This is a blanket privilege, granting a CMC user
all rights to perform any operation on any servers present in the
chassis.
When a user with
Server Administrator privilege issues an action to be performed on a server, the CMC firmware
sends the command to the targeted server without checking the privileges
of a user on the server. In other words, the
Server Administrator privilege overrides any lack of administrator privileges on the
server.
Without the
Server Administrator privilege, a user created on the chassis can only execute a command
on a server when all of the following conditions are true:
-
The same user name exists on the server.
-
The same user name must have the same password on
the server.
-
The user must have the privilege to execute the command.
When a CMC user who does not have
Server
Administrator
privilege issues an action to be performed on a
server, CMC sends a command to the targeted server with the user’s
login name and password. If the user does not exist on the server,
or if the password does not match, the user is denied the ability
to perform the action.
If the user exists on the
target server and the password matches, the server responds with the
privileges of which the user was granted on the server. Based on the
privileges responding from the server, CMC firmware decides if the
user has the right to perform the action.
|
|
Listed below are the privileges and the actions
on the server to which the Server Administrator is entitled. These
rights are applied only when the chassis user does not have the Server
Administrative privilege on the chassis.
Server Configuration
Administrator:
-
Set IP address
-
Set gateway
-
Set subnet mask
-
Set first boot device
Configure Users:
-
Set iDRAC root password
-
iDRAC reset
Server Control Administrator:
-
Power on
-
Power off
-
Power cycle
-
Graceful shutdown
-
Server Reboot
|
Test Alert User
|
User can send test alert messages. |
Debug Command Administrator
|
User can execute system diagnostic commands. |
Fabric A Administrator
|
User can set and configure the Fabric A IOM. |