Management module v1 privileges
These privileges are associated with the LDAP permission bits (bitstrings) that are enforced by management modules for rack servers and entire Flex System chassis (including all devices in that chassis).
Lenovo XClarity Administrator does not enforce these permissions. The permissions are enforced by the managed devices that use an XClarity Administrator use account.
If the device is managed using managed authentication (using the local authentication server for authentication), the local authentication server uses these permissions to indicate to the managed devices which permissions to grant to the user when logging in to the device.
You would configure these same permissions in an external LDAP server. When using an external LDAP server with XClarity Administrator, ensure that you add groups in the external LDAP server with names that match the role group names in XClarity Administrator and that the external LDAP users are added to one or more of those groups. External LDAP users must be part of an LDAP group with a name that matches an XClarity Administrator role group that contains roles associated with the management module bits strings. XClarity Administrator uses these groups to tie the external LDAP users to the role groups in XClarity Administrator and to the bits strings that are enforced by the management module. Then, when a user logs into a managed device using an external LDAP user account, the management module knows whether to grant the user supervisor or operator privileges.
For information about the LDAP permission bits for each management module, see the online documentation.
- Configuring LDAP in the CMM and CMM2 online documentation
- Configuring LDAP in the IMM and IMM2 online documentation
- Configuring LDAP in the XCC online documentation
Privilege name | Privilege description | default roles |
---|---|---|
mm-advanced-adaptor-configuration-v1 | Advanced adaptor configuration | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor |
mm-basic-configuration-v1 | Basic configuration | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor |
mm-clear-event-logs-v1 | Clear event logs | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor |
mm-deny-always-v1 | Deny always | lxc-admin, lxc-hw-admin, lxc-supervisor |
mm-networking-and-security-v1 | Networking and security | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor |
mm-power-and-restart-access-v1 | Power/restart access for servers and Flex switches | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor |
mm-remote-console-access-v1 | Remote control access for servers | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor |
mm-remote-console-and-virtual-media-access-v1 | Remote console and virtual media access for servers | lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor |
mm-supervisor-v1 | Supervisor access | lxc-admin, lxc-hw-admin, lxc-supervisor |
mm-user-account-management-v1 | User management | lxc-admin, lxc-hw-admin, lxc-recovery, lxc-security-admin, lxc-supervisor |