Solved: Right role/privileges for KVM Access only in UCS

Sandemann · ‎03-07-2012

Hi

I am making some locally Authenticated Users for some people at work.

They only need to access KVM and do things there.

What role/privileges do I need to set on the user?

padramas · ‎03-07-2012

Hello,

Try associating the user to a role that has only " service-profile-ext-access " privilege in it.

I believe this will allow only KVM access to the blades.

HTH

Padma

View solution in original post

padramas · ‎03-07-2012

Stig,

Please refer this thread and let us know if you run into any issues.

https://supportforums.cisco.com/message/3394031#3394031

Padma

Sandemann · ‎03-07-2012

Thank you for your answer.

I have looked into the thread, and was thinking about method #4.

I have created a user under Locally Authenticated Users and if I set the role Operations I get this message after pressing launch under KVM launch manager.

If I type the same username and password, I get login failed.

If I add the role Server-profile to the user, I can login with no issue. But then I am afraid that I give to much privileges to the user.

I'm using a Management IP Pool, so I don't know if the other methods works better. I think it is difficult to know the IP address, and maybe the adress can change.

The best is, when I add a server to UCS, the user can find the server KVM by himself, and I don't need to find the IP address and give it to him.

Maybe I am way off here, so please help me:)

padramas · ‎03-07-2012

Hello,

Try associating the user to a role that has only " service-profile-ext-access " privilege in it.

I believe this will allow only KVM access to the blades.

HTH

Padma

Sandemann · ‎03-07-2012

Thank you for the answer, which did the trick:)

But I wonder, what other privileges do I need so some people can boot the server and mount image and install on it.

Does it exist any document that explain what every privileges does?

padramas · ‎03-08-2012

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_01001.html

let us know if it helps you out

Padma

Sandemann · ‎03-08-2012

Thanx again:)

I have seen this, but I don't understand what all are.

I wonder if there is some more explanations for each privileges.

I know, if I give a user the server-profile role, he can do the most on the server, but I feel I don't have control on what he can do:9

padramas · ‎03-08-2012

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCty51613

I have asked for more information with above enahancement request.

Do you have specific question on actions that service profile administrator role can execute ?

Padma

Sandemann · ‎03-08-2012

Hi

I'm not sure what you mean?

I tried to access the link you posted, but I'm not entitled to use BugToolKit.

I wonder if there is any document that describe what every privileges in a role give access to.

It had been useful to have this to restrict users to do to much in UCS:)

padramas · ‎03-08-2012

Hello,

The above link is an enhancement request to include additional information in the configuration guide about roles and privileges in UCSM. However, it will take time to get it fixed in the docs.

Currently,what we have in UCSM configuration guide is the latest and greatest information.

Padma