03-07-2012 03:58 AM - edited 03-01-2019 10:18 AM
Hi
I am making some locally Authenticated Users for some people at work.
They only need to access KVM and do things there.
What role/privileges do I need to set on the user?
Solved! Go to Solution.
03-07-2012 05:37 AM
Hello,
Try associating the user to a role that has only " service-profile-ext-access " privilege in it.
I believe this will allow only KVM access to the blades.
HTH
Padma
03-07-2012 04:19 AM
Stig,
Please refer this thread and let us know if you run into any issues.
https://supportforums.cisco.com/message/3394031#3394031
Padma
03-07-2012 05:17 AM
Thank you for your answer.
I have looked into the thread, and was thinking about method #4.
I have created a user under Locally Authenticated Users and if I set the role Operations I get this message after pressing launch under KVM launch manager.
If I type the same username and password, I get login failed.
If I add the role Server-profile to the user, I can login with no issue. But then I am afraid that I give to much privileges to the user.
I'm using a Management IP Pool, so I don't know if the other methods works better. I think it is difficult to know the IP address, and maybe the adress can change.
The best is, when I add a server to UCS, the user can find the server KVM by himself, and I don't need to find the IP address and give it to him.
Maybe I am way off here, so please help me:)
03-07-2012 05:37 AM
Hello,
Try associating the user to a role that has only " service-profile-ext-access " privilege in it.
I believe this will allow only KVM access to the blades.
HTH
Padma
03-07-2012 11:23 PM
Thank you for the answer, which did the trick:)
But I wonder, what other privileges do I need so some people can boot the server and mount image and install on it.
Does it exist any document that explain what every privileges does?
03-08-2012 12:17 AM
let us know if it helps you out
Padma
03-08-2012 04:31 AM
Thanx again:)
I have seen this, but I don't understand what all are.
I wonder if there is some more explanations for each privileges.
I know, if I give a user the server-profile role, he can do the most on the server, but I feel I don't have control on what he can do:9
03-08-2012 05:46 AM
I have asked for more information with above enahancement request.
Do you have specific question on actions that service profile administrator role can execute ?
Padma
03-08-2012 05:58 AM
Hi
I'm not sure what you mean?
I tried to access the link you posted, but I'm not entitled to use BugToolKit.
I wonder if there is any document that describe what every privileges in a role give access to.
It had been useful to have this to restrict users to do to much in UCS:)
03-08-2012 06:09 AM
Hello,
The above link is an enhancement request to include additional information in the configuration guide about roles and privileges in UCSM. However, it will take time to get it fixed in the docs.
Currently,what we have in UCSM configuration guide is the latest and greatest information.
Padma
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide