HP Integrity BL870c HP Integrity iLO 2 Operations Guide, Eleventh Edition - Page 207
Creating Roles that Follow Organizational Structure, Restricting Roles, Role Time Restrictions
![]() |
View all HP Integrity BL870c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 207 highlights
Figure 9-22 shows one way that an administrative user gains admin role right. The admin user's initial login right is granted through the regular user role. After the initial login, more advanced rights are assigned to the admin user through the admin role such as server reset and remote console. Figure 9-22 Admin User Gaining Admin Role Right, Example 1 In Figure 9-23, the admin user gains the admin role right in a different way. The admin user initially logs in through the admin role and is immediately assigned admin rights (server reset, remote console, and login). Figure 9-23 Admin User Gaining Admin Role Right, Example 2 Creating Roles that Follow Organizational Structure Often, administrators within an organization are placed into a hierarchy in which subordinate administrators must assign rights independently of ranking administrators. In this case, it is useful to have one role that represents the rights assigned by higher-level administrators, and to allow subordinate administrators to create and manage their own roles. Restricting Roles Restrictions enable you to limit the scope of a role. A role only grants rights to those users who satisfy the role's restrictions. Using restricted roles creates users with dynamic rights that change based on the time of day or network address of the client. For step-by-step instructions on how to create network and time restrictions for a role, see "Setting Role Restrictions" (page 199) or "Setting Time Restrictions" (page 200). Role Time Restrictions You can place time restrictions on iLO 2 roles. Users are only granted rights that are specified for the iLO 2 devices listed in the role if they are members of the role and meet the time restrictions for that role. The iLO 2 devices use local host time to enforce time restrictions. If the iLO 2 device clock is not set, the role time restriction fails (unless no time restrictions are specified on the role). Directory-Enabled Remote Management 207
![](/manual_guide/products/hewlettpackard-integrity-bl870c-hp-integrity-ilo-2-operations-guide-eleventh-edition-30e0a7d/207.png)