Role-Based Security and its Implementation



Similar documents
Discovery and Inventory of Dell Devices using OpenManage Essentials

How To Manage A Data Center Remotely From A Computer Or Network Remotely

How to Setup and Configure ESXi 5.0 and ESXi 5.1 for OpenManage Essentials

Configuring Single Sign-On for Application Launch in OpenManage Essentials

Dell idrac7 with Lifecycle Controller

Integrating idrac7 With Microsoft Active Directory

Integrating idrac 7 with Microsoft Active Directory

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Manage Dell Hardware in a Virtual Environment Using OpenManage Integration for VMware vcenter

Building Microsoft Windows Server 2012 Clusters on the Dell PowerEdge VRTX

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

How To Backup And Restore A Database With A Powervault Backup And Powervaults Backup Software On A Poweredge Powervalt Backup On A Netvault 2.5 (Powervault) Powervast Backup On An Uniden Power

Lenovo Partner Pack for System Center Operations Manager

Configuring Dell OpenManage IT Assistant 8.0 to Monitor SNMP Traps Generated by VMware ESX Server

Lifecycle Controller Platform Update/Firmware Update in Dell PowerEdge 12th Generation Servers

Dell One Identity Cloud Access Manager How to Configure for High Availability

Symantec Backup Exec Management Plug-in for VMware User's Guide

Optimizing Dell server deployments with system build and update utility

Enhancements to idrac7 Alert Notification

Remote Installation of VMware ESX Server Software Using Dell Remote Access Controller

Contents Notice to Users

Web Remote Access. User Guide

Citrix XenServer Workload Balancing Quick Start. Published February Edition

How to manage non-hp x86 Windows servers with HP SIM

How To Create A Web Server On A Zen Nlb (Networking) With A Web Browser On A Linux Server On An Ipad Or Ipad On A Raspberry Web 2.4 (

Dell Command Integration Suite for System Center Version 4.1. Installation Guide

Proactively Managing Servers with Dell KACE and Open Manage Essentials

Essential Managing the BlackBerry Enterprise Server using the BlackBerry Administration Service

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Managing Web Server Certificates on idrac

DELL Remote Access Configuration Tool

Symantec AntiVirus Corporate Edition Patch Update

Dell Server Management Pack Suite Version 6.0 for Microsoft System Center Operations Manager User's Guide

Dell Compellent Storage Center

FileMaker Security Guide The Key to Securing Your Apps

Microsoft Exchange 2010 on Dell Systems. Simple Distributed Configurations

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

Kerberos -Based Active Directory Authentication to Support Smart Card and Single Sign-On Login to DRAC5

Agent-free Inventory and Monitoring for Storage and Network Devices in Dell PowerEdge 12 th Generation Servers

Oracle Enterprise Manager. Description. Versions Supported

Oracle Enterprise Manager

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Software License Monitoring

System Area Management Software Tool Tip: Integrating into NetIQ AppManager

For Active Directory Installation Guide

Parallels Plesk Panel

Active Directory integration with CloudByte ElastiStor

Oracle Enterprise Manager

Creating IBM Cognos Controller Databases using Microsoft SQL Server

Managing Identities and Admin Access

Simplifying Systems Management for Computer Associates (CA) NSM r11.1 and r11.2 for Dell Hardware A Dell Technical White Paper

HP Device Manager 4.7

Application Notes for Configuring Microsoft Office Communications Server 2007 R2 and Avaya IP Office PSTN Call Routing - Issue 1.0

SafeNet Authentication Manager Express. Upgrade Instructions All versions

Oracle Enterprise Manager. Description. Versions Supported

Windows 8 VPN Get Connected

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

CaseWare Time. CaseWare Cloud Integration Guide. For Time 2015 and CaseWare Cloud

Novell ZENworks Asset Management 7.5

VMware ESX 2.5 Server Software Backup and Restore Guide on Dell PowerEdge Servers and PowerVault Storage

How To Set Up Chime For A Coworker On Windows (Windows) With A Windows 7 (Windows 7) On A Windows 8.1 (Windows 8) With An Ipad (Windows).Net (Windows Xp

Oracle Enterprise Manager. Description. Versions Supported

Decommissioning the original Microsoft Exchange

NMS300 Network Management System

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Lab 00: Configuring the Microsoft Lync Ignite Environment Cloud Hosted Version

Oracle Enterprise Manager. Description. Versions Supported. Prerequisites

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

Mobility Manager 9.5. Users Guide

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Dell MessageStats for Lync and the MessageStats Report Pack for Lync & OCS 7.3. User Guide

Dell PowerVault MD Storage Array Management Pack Suite Version 6.0 for Microsoft System Center Operations Manager Installation Guide

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

VITAL SIGNS Quick Start Guide

Front-Office Server 2.7

NETWRIX EVENT LOG MANAGER

Symantec Virtual Machine Management 7.1 User Guide

uh6 efolder BDR Guide for Veeam Page 1 of 36

NETWRIX ACCOUNT LOCKOUT EXAMINER

CA Unified Infrastructure Management Server

Defender Delegated Administration. User Guide

Role Based Administration for LDMS 9.0 SP2

CommVault Simpana 10 Best Practices

IBM Connections Plug-In for Microsoft Outlook Installation Help

Active Directory Synchronization with Lotus ADSync

Managing User Security: Roles and Scopes

Enabling Remote Management of SQL Server Integration Services

Using Entrust certificates with Microsoft Office and Windows

EventTracker: Support to Non English Systems

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

Active Directory Change Notifier Quick Start Guide

FOR WINDOWS FILE SERVERS

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

HELP DOCUMENTATION E-SSOM BACKUP AND RESTORE GUIDE

Transcription:

Role-Based Security and its Implementation This Dell Technical White Paper describes how OpenManage Essentials supports and implements role-based access control at its operational level. Author(s) R Rajiv Nair Dell Product Group Enterprise

This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. 2011 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. November 2011 Rev 1.0 ii

Contents Introduction... 4 Role-Based Access Control Implementation... 4 Role-Based Access Control Implementation in OpenManage Essentials... 5 Using Security Roles and Permissions... 6 Role-Based Access Control Architecture in OpenManage Essentials... 7 OpenManage Essentials Roles and Associated Permissions... 9 OmeAdministrators Console View... 9 OmePowerUsers Console View... 10 OmeUser Console View... 11 Learn More... 12 Figures Figure 1. User Group... 4 Figure 2. Adding users to a group... 5 Figure 3. Select users to a group... 6 Figure 4. A simplified RBAC Model... 7 Figure 5. Role-based access control implementation in OpenManage Essentials... 8 Figure 6. OmeAdministrators console... 9 Figure 7. Right-click options enabled... 10 Figure 8. OmePowerUsers console... 10 Figure 9. Preferences tab view... 10 Figure 10. OmeUsers console... 11 Figure 11. Right-click options disabled... 12 iii

Executive Summary The management of user access has long been a challenge for organizations. Central to this challenge is the concept of creating defined user roles. Used correctly, roles provide a means of simplification and allow organizations to adapt enterprise access to the needs of the business. The result is greater IT operational efficiency, business agility, and improved security through a set of preventative controls. Introduction The purpose of this document is to describe how OpenManage Essentials (OME) supports and implements role-based access control (RBAC) at its operations level. This document also explains the implementation of role-based access control architecture and the role-level permissions assigned in OpenManage Essentials. Role-Based Access Control Implementation After installation launch OpenManage Essentials, the OmeAdministrators, OmePowerUsers and OmeUsers user groups would be created under Windows Local Users and Groups. To verify the creation of OpenManage Essentials groups on a Windows machine, perform the following steps: 1. Log in as an administrator. 2. Right-click My Computer and select Manage. 3. Navigate to Configuration -> Local Users and Groups -> Groups. The OpenManage Essentials groups are listed in the Groups pane. These are the OmeAdministrators, OmePowerUsers and OmeUsers groups (Figure 1). Figure 1. User Group 4

Role-Based Access Control Implementation in OpenManage Essentials After you have verified that the OpenManage Essentials groups have been created, on a Windows machine, add user(s) to the OpenManage Essentials groups. Add user(s) to OmeAdministrators first, later to OmePowerUsers and then to OmeUsers. You must be logged in as an Administrator to perform this procedure. To add users, perform the following steps: 1. Navigate to Local Users and Groups -> Groups. 2. Right-click OmeAdministrators and select Add to Group. 3. In the Properties window, click Add. 4. In the Select Users window, enter the user name. 5. Click Check Names and click OK. The user name appears in the Members list in the Properties window. 6. Click OK. Note: For details on adding a Windows user account to a group, refer to: http://windows.microsoft.com/en-us/windows-vista/add-a-user-account-to-a-group Note: The users you add must also belong to the built-in local Administrator group. Log in as the user that belongs to the OmeAdministrators group and confirm that this user has full permissions to perform all of the OpenManage Essentials operations. Similarly, add users to the OmePowerUser and OmeUsers group and confirm that these users have restricted privileges and can do read-only operations. Figure 2. Adding users to a group 5

Figure 3. Select users to a group Using Security Roles and Permissions OpenManage Essentials provides security through role-based access control, authentication, and encryption. Role-based access control manages security by determining the operations run by the user in particular roles. Each user is assigned with one or many roles, and each role is assigned certain user 6

privileges that are permitted to users in that role. With role-based access control, security administration corresponds closely to an organization's structure. Role-Based Access Control Architecture in OpenManage Essentials Figure 4. A simplified RBAC Model Typical role-based access control architecture (Figure 4) has the following three components: Users: Create a user with credentials Roles: Assign the user to specific roles Permissions: Assign access control to the above role 7

Figure 5. Role-based access control implementation in OpenManage Essentials 8

OmeAdministrators have full permissions to perform the following tasks: Add multiple Discovery Ranges Deploy OMSA on a remote machine Execute any remote task and view the report OmeUsers only have read permissions. OmeUsers can view reports and export the report details to an external file. Note: A guest user must be a member of OmeAdministrators or OmeUser to access OpenManage Essentials. OpenManage Essentials Roles and Associated Permissions OpenManage Essentials users have read-only access and cannot perform other operations. They can log in to the console, run discovery and inventory tasks, view settings, and acknowledge events. The Windows Users group is a member of this group. OpenManage Essentials Administrators have full access to all of the operations within OpenManage Essentials. OmeAdministrators Console View When logged in to OpenManage Essentials, the top-right corner of the screen displays details about the user who is logged in (Figure 6). In this figure, the user permission is displayed as OmeAdministrators. This user can perform any task defined in OpenManage Essentials. Figure 6. OmeAdministrators console Right-click options include all operations pertaining to modification, for example, Edit, Rename, Delete, and Disable (Figure 7). 9

Figure 7. Right-click options enabled OmePowerUsers Console View When logged in to OpenManage Essentials, the top-right corner of the screen displays details about the user who is logged in (Figure 8). In this figure, the user permission is displayed as OmePowerUsers. The users have the same ability as the OmeAdministrators except they cannot edit preferences. Figure 8. OmePowerUsers console Right-click options include all operations pertaining to modification, for example, Edit, Rename, Delete, and Disable. But modification under Preferences tab is not allowed (Figure 9). Figure 9. Preferences tab view 10

OmeUser Console View In the OmeUsers console view (Figure 10), note that the logged-in OmeUser does not have Administrator privileges. Users have permissions to perform any task defined in OpenManage Essentials at the operations level. These privileges are usually read-only and do not provide any options pertaining to modification. Figure 10. OmeUsers console 11

Right-click options pertaining to modification, for example, Edit, Rename, Delete, and Disable are disabled (Figure 11). Figure 11. Right-click options disabled Learn More Visit Dell.com/PowerEdge for more information on Dell s enterprise-class servers. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information