HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 168
How directory login restrictions are enforced, Restricting roles, Role time restrictions
View all HP Xw460c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 168 highlights
How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive LOM privileges based on rights specified in one or more Roles. Restricting roles Restrictions allow administrators to limit the scope of a role. A role only grants rights to those users that satisfy the role's restrictions. Using restricted roles results in users with dynamic rights that can change based on the time of day or network address of the client. IMPORTANT: When directories are enabled, access to a particular iLO 2 is based on whether the user has read access to a Role object that contains the corresponding iLO 2 object. This includes but is not limited to the members listed in the role object. If the Role is set up to allow inheritable permissions to propagate from a parent, then members of the parent which have read access privileges will also have access to iLO 2. To view the access control list, navigate to Users and Computers, open the properties screen for the Role object and select the Security tab. For step-by-step instructions on how to create network and time restrictions on a role, refer to "Active Directory Role Restrictions (on page 154)" or "eDirectory Role Restrictions (on page 162)" sections. Role time restrictions Administrators can place time restrictions on LOM roles. Users are granted the rights specified for the LOM devices listed in the role, only if they are members of the role and meet the time restrictions for that role. LOM devices use local host time to enforce time restrictions. If the LOM device clock is not set, the role time restriction fails unless no time restrictions are specified on the role. Role-based time restrictions can only be satisfied if the time is set on the LOM device. The time is normally set when the host is booted, and it is maintained by running the agents in the host operating system, which allows the LOM device to compensate for leap year and minimize clock drift with respect to the Directory-enabled remote management 168