User authority management
You can create users and manage user authority through the CMM web interface.
Users are assigned authority levels according to user permission groups that are set up for the CMM. Users with Supervisor command authority can execute all commands. Users with Operator command authority are restricted to read-only access.
- CMM user accounts are used to log in to the service processor interfaces for compute nodes.
- If a user account becomes locked, click Mgt Module Management > User Accounts to access the User Accounts page. A locked user account has Locked in the State column. To unlock an account, select the user account, and click Unlock.
- If your CMM is managed by an optional management node and you are unable to connect to the CMM from a user account because it has been locked, you can unlock it through the Lenovo XClarity Administrator or Flex System Manager management software web interface. For information about using the Lenovo XClarity Administrator, see Lenovo XClarity Administrator information page. See CMM access problems in Flex System Manager for information about Flex System Manager command use.
- Do not store any sensitive information in the CMM file system. Data in the CMM web server directory or subdirectories is accessible by unauthenticated users.
You can create a user and change user authority levels from the User Accounts page. The CMM supports a maximum of 84 user accounts. When creating a new user, remember that the same user ID and password are used for all methods of connecting to the CMM, and that the password is case sensitive while the user ID is not case sensitive.
There are two available methods of creating a new user: username&password (default) or username &email. Switch between the two in Global Login Settings in CMM management options.
- Only consisting of the following characters : A-Z, a-z, 0-9, ~`!@#$%^&*()-+={}[]|:;"'<>,?/
- Not including space
- Containing at least one alphabet and one number
- Containing at least two of the following:
- At least one upper-case alphabet
- At least one lower-case alphabet
- At least one special character (~`!@#$%^&*()-+={}[]|:;"'<>,?/)
- Not being exactly the same or reserve of the user name
- Not consisting of more than two consecutive occurrences of the same character (for example, a password combination is allowed to contain ee or @@ but not eee or @@@)
Creating a new user with username and password
Complete the following steps to create a new user with username and password:
- From the CMM web interface homepage, click Mgt Module Management > User Accounts > Create User.
- Enter the User name and New Password, and then the Confirm password information in the User Credentials page.
Creating a new user with username and email
Complete the following steps to create a new user with username and email:
- From the CMM web interface homepage, click Mgt Module Management > User Accounts > Create User.
- Enter the User name and Email to send password to, and then the Confirm email to send password to information in the User Credentials page. An email containing an 8-digit randomly generated password will be sent to the designated email account. The user has to log in with this password for the first login before changing password.
After creating a user account, you can click on the user account name from the User Accounts page to define additional properties for the user account. For example, you can select the Node Account Mgmt tab and check the Provision IPMI and SNMPv3 Account option to make the password for IPMI and SNMPv3 accounts the same as the password for the user account. If you do so, you can only disable the provisioning option by resetting the CMM to the default settings.
Use the following instructions to enable the Provision IPMI and SNMPv3 Account option:
- Log in to the CMM web interface. See Starting the web interface for detailed information about logging into the CMM web interface.
- Click Mgt Module Management > User Accounts.
- Click a user name, for example USERID, to access the User Properties window.
- Click the Node Account Mgt tab and check the Provision IPMI and SNMPv3 Account option to set the password for IPMI and SNMP accounts to the same password for the selected user account.
- Click OK to enable the option. The user cannot disable the option without resetting the CMM to default values. See Resetting the CMM to manufacturing defaults for more information about setting the CMM to default values.