iDRAC users or server users (since the iDRAC resides
on a server)
CMC and iDRAC users can be local or directory service
users.
Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not automatically
transferred to the same user on a server, because server users are
created independently from CMC users. In other words, CMC Active Directory
users and iDRAC Active Directory users reside on two different branches
in the Active Directory tree. To create a local server user, a user with the Configure
Users privilege must log in to the server directly. A user with the Configure Users privilege cannot
create a server user from CMC or vice versa. This rule protects the
security and integrity of the servers.
Table 1. User Types
The following table contains descriptions of the user types.
Privilege
Description
CMC Login User
User can log in to CMC and view all the CMC data,
but cannot add or modify data or execute commands.
It is possible for a user to have other privileges without the CMC
Login User privilege. This feature is useful when a user is temporarily
not allowed to log in. When that user’s CMC Login User privilege is
restored, the user retains all the other privileges previously granted.
Chassis Configuration Administrator
User can add or change data that:
- Identifies the chassis, such as chassis name and chassis location.
- Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IP address, static gateway, and static subnet mask.
- Provides services to the chassis, such as date and time, firmware update, and CMC reset.
- Is associated with the chassis, such as slot name and slot priority. Although these properties apply to the servers, they are strictly chassis properties relating to the slots rather than the servers themselves. For this reason, slot names and slot priorities can be added or changed whether or not servers are present in the slots.
When a server is moved to a different chassis, it inherits the slot name and priority assigned to the slot it occupies in the new chassis. Its previous slot name and priority remain with the previous chassis.
NOTE: CMC users with the Chassis Configuration Administrator privilege can configure power settings. However, the Chassis Control Administrator privilege is needed to perform chassis power operations, including power on, power off, and power cycle.
User Configuration Administrator
User can:
- Add a new user.
- Change a user's password.
- Change a user's privileges.
- Enable or disable a user's login privilege but retain the user's name and other privileges in the database.
Clear Logs Administrator
User can clear the hardware log and CMC log.
Chassis Control Administrator (Power Commands)
CMC users with the Chassis Power Administrator privilege can perform all power-related operations. They can control
chassis power operations, including power on, power off, and power
cycle.
NOTE: To configure power settings, the Chassis Configuration Administrator privilege is needed.
Server Administrator
This is a blanket privilege, granting a CMC user
all rights to perform any operation on any servers present in the
chassis.
When a user with Server Administrator privilege issues an action to be performed on a server, the CMC firmware
sends the command to the targeted server without checking the user's
privileges on the server. In other words, the Server Administrator privilege overrides any lack of administrator privileges on the
server.
Without the Server Administrator privilege, a user created on the chassis can only execute a command on a server when all of the following conditions are true:
- The same user name exists on the server.
- The same user name must have the same password on the server.
- The user must have the privilege to execute the command.
When a CMC user who does not have Server
Administrator privilege issues an action to be performed on a
server, CMC sends a command to the targeted server with the user’s
login name and password. If the user does not exist on the server,
or if the password does not match, the user is denied the ability
to perform the action.
If the user exists on the target server and the password matches, the server responds with the privileges that the user was granted on the server. Based on the privileges returned by the server, CMC firmware decides if the user has the right to perform the action.
Listed below are the privileges and the actions on the server to which the Server Administrator is entitled. These rights are applied only when the chassis user does not have the Server Administrator privilege on the chassis.
Server Configuration Administrator:
- Set IP address
- Set gateway
- Set subnet mask
- Set first boot device
Configure Users:
- Set iDRAC root password
- iDRAC reset
Server Control Administrator:
- Power on
- Power off
- Power cycle
- Graceful shutdown
- Server Reboot
Test Alert User
User can send test alert messages.
Debug Command Administrator
User can execute system diagnostic commands.
Fabric A Administrator
User can set and configure the Fabric A IOM, which
resides in either slot A1 or slot A2 of the I/O slots.
Fabric B Administrator
User can set and configure the Fabric B IOM, which
resides in either slot B1 or slot B2 of the I/O slots.
Fabric C Administrator
User can set and configure the Fabric C IOM,
which resides in either slot C1 or slot C2 of the I/O slots.
The CMC user groups provide a series of user groups
that have pre-assigned user privileges.
NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom.
Table 2. CMC Group Privileges
The following table contains descriptions of the CMC group privileges.
User Group
Privileges Granted
Administrator
- CMC Login User
- Chassis Configuration Administrator
- User Configuration Administrator
- Clear Logs Administrator
- Server Administrator
- Test Alert User
- Debug Command Administrator
- Fabric A Administrator
- Fabric B Administrator
- Fabric C Administrator
Power User
- Login
- Clear Logs Administrator
- Chassis Control Administrator (Power commands)
- Server Administrator
- Test Alert User
- Fabric A Administrator
- Fabric B Administrator
- Fabric C Administrator
Guest User
- Login
Custom
Select any combination of the following permissions:
- CMC Login User
- Chassis Configuration Administrator
- User Configuration Administrator
- Clear Logs Administrator
- Chassis Control Administrator (Power commands)
- Server Administrator
- Test Alert User
- Debug Command Administrator
- Fabric A Administrator
- Fabric B Administrator
- Fabric C Administrator
None
- No assigned permissions
Table 3. Comparison of Privileges Between CMC Administrators, Power Users, and Guest Users
The following table contains the comparison details of CMC administrator, power user, and guest user privileges.

| Privilege Set | Administrator Permissions | Power User Permissions | Guest User Permissions |
|---|---|---|---|
| CMC Login User | Yes | Yes | Yes |
| Chassis Configuration Administrator | Yes | No | No |
| User Configuration Administrator | Yes | No | No |
| Clear Logs Administrator | Yes | Yes | No |
| Chassis Control Administrator (Power commands) | Yes | Yes | No |
| Server Administrator | Yes | Yes | No |
| Test Alert User | Yes | Yes | No |
| Debug Command Administrator | Yes | No | No |
| Fabric A Administrator | Yes | Yes | No |
| Fabric B Administrator | Yes | Yes | No |
| Fabric C Administrator | Yes | Yes | No |
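
The server-command rule from the Server Administrator row of Table 1, modeled as an added Python example for access reviews (not Dell firmware code or a CMC API). User names, passwords, and slot inventories are constructed; the group sets are abridged to the privileges this model uses, and login state is not modeled.

```python
import hmac

# Server-side privilege required per action (Server Administrator row, Table 1).
REQUIRED = {
    **dict.fromkeys(["Set IP address", "Set gateway", "Set subnet mask",
                     "Set first boot device"], "Server Configuration Administrator"),
    **dict.fromkeys(["Set iDRAC root password", "iDRAC reset"], "Configure Users"),
    **dict.fromkeys(["Power on", "Power off", "Power cycle", "Graceful shutdown",
                     "Server Reboot"], "Server Control Administrator"),
}

# Group presets (Table 2), abridged to the privileges this model inspects.
GROUPS = {
    "Administrator": {"CMC Login User", "Server Administrator"},
    "Power User": {"CMC Login User", "Server Administrator"},
    "Guest User": {"CMC Login User"},
}

def authorize(cmc_user, action, server_users):
    """Decide one CMC-issued server action; returns (allowed, reason)."""
    if "Server Administrator" in cmc_user["privileges"]:
        # CMC forwards the command without checking the user's server privileges.
        return True, "Server Administrator override"
    account = server_users.get(cmc_user["name"])
    if account is None:
        return False, "no matching user on server"
    if not hmac.compare_digest(account["password"], cmc_user["password"]):
        return False, "password mismatch"
    if REQUIRED[action] not in account["privileges"]:
        return False, "missing server privilege"
    return True, "server-side privilege"

def override_users(cmc_users):
    """Names of CMC users whose server actions bypass server-side checks."""
    return sorted(u["name"] for u in cmc_users
                  if "Server Administrator" in u["privileges"])

# Constructed sample data: three CMC users and the local users of two servers.
ALICE = {"name": "alice", "password": "pw-alice", "privileges": GROUPS["Power User"]}
BOB = {"name": "bob", "password": "pw-bob",
       "privileges": {"CMC Login User", "Chassis Configuration Administrator"}}
CAROL = {"name": "carol", "password": "pw-carol", "privileges": GROUPS["Guest User"]}
SLOT1 = {"bob": {"password": "pw-bob", "privileges": {"Server Control Administrator"}}}
SLOT2 = {"bob": {"password": "changed", "privileges": {"Server Control Administrator"}}}

if __name__ == "__main__":
    for user, action, server in [(ALICE, "Set iDRAC root password", SLOT1),
                                 (BOB, "Power cycle", SLOT1), (BOB, "Power cycle", SLOT2)]:
        print(user["name"], action, authorize(user, action, server))
    print("bypass server-side checks:", override_users([ALICE, BOB, CAROL]))
```

In an access review, the output of `override_users` is the list to scrutinize first: Table 2 places Server Administrator in both the Administrator and Power User presets, so membership in either group grants every server action regardless of the accounts defined on the servers.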