Changing the default permissions

There are two settings that determine whether role groups can access devices when they are initially managed by Lenovo XClarity Administrator: public access and role groups. The public-access setting determines whether all or only a specific set of role groups can access the target devices. By default, this setting is set to Yes, which means that all role groups can access the target devices. You can change the default behavior by changing the public-access setting to No and then selecting the set of role groups that can access the target devices

About this task

Only users with lxc-supervisor, lxc-security-admin, or lxc-recovery authority can perform this action.

Users with the lxc-supervisor, lxc-security-admin, or lxc-recovery authority can access all managed devices. You cannot remove access to any device for these role groups.

The default access-control settings are used to set access permissions on devices when they are initially managed by XClarity Administrator and when resetting access permissions for a specific device to the default settings. Changing the default access-control settings does not automatically change access permissions on devices that are already managed.

Procedure

Complete the following procedures to change the default access controls.

  1. From the main XClarity Administrator menu, click Administration > Security.
  2. Click Resource View in the left navigation pane. The Resource View page is displayed.

    You can sort the table columns to make it easier to find specific devices. In addition, you can select a device type in the Resource Type drop-down menu, select a role group in the Role Groups drop-down menu, select a resource group in the Resource Groupsdrop-down menu, and enter text (such as a resource name or type) in the Filter field to list only those devices that meet the selected criteria.

  3. Click All Actions > Edit Default Resources. The Edit Default Resources dialog is displayed.
  4. From the Role Groups drop-down list, select the role groups that you want to define as the default set.
  5. Select the default Public Access setting.
    • Yes. When a device is initially managed, all role groups can access that device regardless of the roles groups that are listed in the Role Groups drop-down list.

    • No. When a device is initially managed, only role groups that are listed in the Role Groups drop-down list can access that device by default.

  6. Click Save.