10Configuring user accounts and privilegesYou can setup user accounts with specific privileges (role-based authority) to manage your system with CMC and maintain systemsecurity. By default, CMC is configured with a default root account. As an administrator, you can set up user accounts to allowother users to access the CMC.You can set up a maximum of 16 local users, or use directory services such as Microsoft Active Directory or LDAP to setupadditional user accounts. Using a directory service provides a central location for managing authorized user accounts.CMC supports role-based access to users with a set of associated privileges. The roles are administrator, operator, read-only, ornone. The role defines the maximum privileges available.Types of usersThere are two types of users:• CMC users or chassis users• iDRAC users or server users (since the iDRAC resides on a server)CMC and iDRAC users can be local or directory service users.Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not automatically transferred tothe same user on a server, because server users are created independently from CMC users. In other words, CMC Active Directoryusers and iDRAC Active Directory users reside on two different branches in the Active Directory tree. To create a local server user,the Configure Users must log in to the server directly. The Configure Users cannot create a server user from CMC or vice versa.This rule protects the security and integrity of the servers.Table 11. User TypesPrivilege DescriptionCMC Login User User can log in to CMC and view all the CMC data, but cannot add or modify data orexecute commands.It is possible for a user to have other privileges without the CMC Login Userprivilege. This feature is useful when a user is temporarily not allowed to login. Whenthat user’s CMC Login User privilege is restored, the user retains all the otherprivileges previously granted.Chassis Configuration Administrator User can add or change data that:• Identifies the chassis, such as chassis name and chassis location.• Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IPaddress, static gateway, and static subnet mask.• Provides services to the chassis, such as date and time, firmware update, andCMC reset.• Is associated with the chassis, such as slot name and slot priority. Although theseproperties apply to the servers, they are strictly chassis properties relating to theslots rather than the servers themselves. For this reason, slot names and slotpriorities can be added or changed whether or not servers are present in theslots.When a server is moved to a different chassis, it inherits the slot name and priorityassigned to the slot it occupies in the new chassis. The previous slot name andpriority remain with the previous chassis.97