Skip to main content

Management module v1 privileges

These privileges are associated with the LDAP permission bits (bitstrings) that are enforced by management modules for rack servers and entire Flex System chassis (including all devices in that chassis).

Lenovo XClarity Administrator does not enforce these permissions. The permissions are enforced by the managed devices that use an XClarity Administrator use account.

If the device is managed using managed authentication (using the local authentication server for authentication), the local authentication server uses these permissions to indicate to the managed devices which permissions to grant to the user when logging in to the device.

You would configure these same permissions in an external LDAP server. When using an external LDAP server with XClarity Administrator, ensure that you add groups in the external LDAP server with names that match the role group names in XClarity Administrator and that the external LDAP users are added to one or more of those groups. External LDAP users must be part of an LDAP group with a name that matches an XClarity Administrator role group that contains roles associated with the management module bits strings. XClarity Administrator uses these groups to tie the external LDAP users to the role groups in XClarity Administrator and to the bits strings that are enforced by the management module. Then, when a user logs into a managed device using an external LDAP user account, the management module knows whether to grant the user supervisor or operator privileges.

Note
Management module v1 privileges are not supported for FlexSystem switches that do not have Secure IOM enabled, RackSwitch switches, Storage devices, and ThinkServer servers.

For information about the LDAP permission bits for each management module, see the online documentation.

Privilege namePrivilege descriptiondefault roles
mm-advanced-adaptor-configuration-v1Advanced adaptor configurationlxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-basic-configuration-v1Basic configurationlxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-clear-event-logs-v1Clear event logslxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor
mm-deny-always-v1Deny alwayslxc-admin, lxc-hw-admin, lxc-supervisor
mm-networking-and-security-v1Networking and securitylxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor
mm-power-and-restart-access-v1Power/restart access for servers and Flex switcheslxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-remote-console-access-v1Remote control access for serverslxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-remote-console-and-virtual-media-access-v1Remote console and virtual media access for serverslxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-supervisor-v1Supervisor accesslxc-admin, lxc-hw-admin, lxc-supervisor
mm-user-account-management-v1User managementlxc-admin, lxc-hw-admin, lxc-recovery, lxc-security-admin, lxc-supervisor