Dell EMC OpenManage Essentials Version 2.5 User's Guide

Using security roles and permissions

OpenManage Essentials provides security through role-based access control (RBAC), authentication, and encryption. RBAC manages security by determining the operations run by persons in particular roles. Each user is assigned one or more roles, and each role is assigned one or more user rights that are permitted to users in that role. With RBAC, security administration corresponds closely to an organization's structure.

OpenManage Essentials roles and associated permissions are as follows:

  • OmeUsers have limited access and rights and can perform read-only operations in OpenManage Essentials. They can log in to the console, run discovery and inventory tasks, view settings, and acknowledge events. The Windows Users group is a member of this group.
  • OmeAdministrators have full access to all the operations within OpenManage Essentials. Windows Administrators group is member of this group.
  • OmeSiteAdministrators have full access to all the operations within OpenManage Essentials with the following rights and restrictions:
    • Can only create custom device groups under All Devices in the device tree. They can create remote or system update tasks on the custom device groups only after the custom device groups are assigned to them by the OmeAdministrators.
      • Cannot edit custom device groups.
      • Can delete custom device groups.
    • Can create remote and system update tasks on only the device groups assigned to them by the OmeAdministrators.
    • Can only run and delete remote and system update tasks that they have created.
      • Cannot edit remote tasks, including activating or deactivating the task schedule.
      • Cannot clone remote or system update tasks.
      • Can delete tasks they have created.
    • Can delete devices.
    • Cannot edit or target device queries.
    • Cannot edit or access the Device Group Permissions portal.
    • Cannot create remote and system update tasks based on a device query.
    • Can create compute pools with devices to which they have permissions.

    • Can perform bare metal and stateless deployments with devices to which they have permissions.

    • Can only edit, rename, unlock, and delete compute pools to which they have permissions.

    • Can only replace a server within a compute pool to which they have permission.

    • Can only reclaim identities from devices included in the compute pool to which they have permission.

    • NOTE: Any changes made to the role or device group permissions of a user are effective only after the user logs out and logs in again.
  • OmePowerUsers have the same rights as OmeAdministraors except that they cannot edit the settings of OpenManage Essentials.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\