Add-LXCARoleGroup
This cmdlet creates a role group.
Syntax
Add-LXCARoleGroup [-Connection LXCAConnection]
[-Description String]
-RoleGroupName String
-RoleList String[]
[-UserList String[]]
[CommonParameter]
Parameters
- -Connection LXCAConnection
- Specifies the connection to the Lenovo XClarity Administrator server. If no connection is specified, the result from the last Connect-LXCA cmdlet is used.
- -Description String
- Specifies the description for the new role group.
- -RoleGroupName String
- Specifies the name of the role group to be created. The name must be unique.
- -RoleList String[]
- One or more roles to be associated with the new role group. This can be one of the following values.
- lxc-supervisor. Users that are assigned this role can access, configure, and perform all available operations on the management server and all managed devices.
Users that are assigned this role always have access to all managed devices. You cannot restrict access to devices for this role.
- lxc-admin. Users that are assigned this role can modify non-security related settings and perform all non-security related operations on the management server, including the ability to update and restart the management server. This role also provides the ability to view all configuration and status information about the management server and managed devices.
lxc-security-admin. Users that are assigned this role can modify security settings and perform security-related operations on the management server and managed devices. This role also provides ability to view all configuration and status information about the management server and managed devices.
Users that are assigned this role always have access to all managed devices. You cannot restrict access to devices for this role.
- lxc-hw-admin. Users that are assigned this role can modify non-security settings and perform non-security related operations on managed devices, including the ability to update and restart managed devices. This role also provides the ability to view all configuration and status information about the management server and all managed devices.
- lxc-fw-admin. Users that are assigned this role can create firmware policies and deploy those policies to managed devices. Users that are not assigned this role can only view policy information.
- lxc-os-admin. Users that are assigned this role can download and deploy operating systems and device-driver updates to managed servers. Users that are not assigned this role can only view operating-system and device-driver information.
- lxc-service-admin. Users that are assigned this role can collect and download service files for XClarity Administrator and managed devices. Users that are not assigned this role can collect but not download service data.
- lxc-hw-manager. Users that are assigned this role can discover new devices and place those devices under the management control of the XClarity Administrator. This role prohibits users from performing operations or modifying configurations settings on the management server and managed devices beyond those operations that are necessary to discover and manage new devices.
- lxc-operator. Users that are assigned this role can view all configuration and status information about the management server and managed devices. This role prohibits users from performing operations or modifying configurations settings on the management server and managed devices.
lxc-recovery. Users that are assigned this role can modify security settings and perform security-related operations on the management server. These users can also authenticate directly to the XClarity Administrator even if the authentication method is set to external LDAP server. This role provides a recovery mechanism in case a communication error occurs with the external LDAP server that uses the
Login Credentials
configuration.Users that are assigned this role always have access to all managed devices. You cannot restrict access to devices for this role.
The following predefined roles are reserved and cannot be used to create new role groups or assigned to new users.- lxc-sysrdr
- lxc-sysmgr
- lxc-supervisor. Users that are assigned this role can access, configure, and perform all available operations on the management server and all managed devices.
- -UserList String[]
- Specifies the IDs of one or more users to associate with the role group. You can use the Get-LXCAUserAccount cmdlet to obtain the user IDs.
- CommonParameters
- This cmdlet supports the following common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable, -OutBuffer, -PipelineVariable, -OutVariable. For detailed information about each common parameter, see the Microsoft PowerShell Common Parameters webpage.
Results
This cmdlet does returns a RoleGroup object.
Examples
The following example creates a role group that is associated with two roles and two users.
$cred = Get-Credential
Connect-LXCA -Host 192.0.2.0 -Credential $cred
$role = Get-LXCARole
$user = Get-LXCAUserAccount -GetUserName
Add-LXCARoleGroup -RoleGroupName $name -Description $desc -RoleList $role[0],$role[2]
-UserList $user[0],$user[1]