
Controlling access to functions

Lenovo XClarity Orchestrator uses roles and user groups to determine which functions (actions) a user is allowed to perform.

About this task

A role is a set of functions. When a role is assigned to a user group, all users in that group can perform the functions that are included in that role.

XClarity Orchestrator provides the following predefined roles.

  • Supervisor. Allows users to view data about and perform all available actions on the orchestrator server and all managed resources (resource managers and devices).

    Users that are assigned this role always have access to all resources (devices and resource managers) and all functions. You cannot restrict access to resources or functions for this role.

    You must have supervisor privileges to perform the following actions.
    • Performing maintenance tasks, such as installing licenses and updating to a newer version
    • Connecting and disconnecting resource managers
    • Modifying system settings, such as network preferences and the date and time
    • Agreeing to send periodic data to Lenovo

    There must be at least one user with supervisor privileges.

    Important
    When upgrading from XClarity Orchestrator v1.0 to a later release, all users that were created in XClarity Orchestrator v1.0 are given supervisor privileges by default. A supervisor user can remove the supervisor privileges for users that should not have those privileges.
  • Hardware Administrator. Allows users to view data, manage and deploy configuration patterns, manage and deploy operating systems using OS profiles, view and customize analytics, and perform actions on accessible resources. This role prohibits users from updating software or firmware on managed resources, and from managing resource groups.
  • Server Configuration Administrator. Allows users to configure servers using configuration patterns, view predefined analytics, and view data for accessible resources. This role prohibits users from remotely accessing the devices and powering devices on and off.
  • OS Administrator. Allows users to deploy operating systems using OS profiles, view predefined analytics, and view data for accessible resources. This role prohibits users from remotely accessing the devices and powering devices on and off.
  • Updates Administrator. Allows users to update firmware on devices and software on resource managers, view data for accessible resources, and view predefined analytics.
  • Security Administrator. Allows users to modify security settings and perform security-related actions on the orchestrator server, view data for all managed resources, manage resource groups, and view predefined analytics.

    Users that are assigned this role always have access to all resources (devices and resource managers). You cannot restrict access to resources for this role.

  • Reporter. Allows users to view the orchestrator-server configuration, view data about accessible resources, create queries to generate custom reports, and create data forwarders to schedule and email reports. This role prohibits users from provisioning resources and powering devices on and off.
  • Operator. Allows users to view the orchestrator server configuration and view data for accessible resources. This role prohibits users from performing actions or modifying configuration settings on the orchestrator server and managed resources, creating and viewing analytics reports, and creating custom alerts.
  • Operator Legacy. Allows users to view data and perform certain actions on accessible resources, such as managing inventory, alerts and service tickets. This role prohibits users from updating software or firmware on managed resources, creating resource groups, creating and viewing analytics reports, and creating custom alerts.
    Attention
    When upgrading from XClarity Orchestrator v1.2 to a later release, users that are assigned the Operator role are automatically changed to the Operator Legacy role and added to the OperatorLegacyGroup user group. The Operator Legacy role and OperatorLegacyGroup user group will be deprecated in a future release.

If a user is not allowed to perform specific actions, the menu items, toolbar icons, and buttons that are used to perform those actions are disabled (greyed out).

Note
Viewing resource-related data is not restricted based on roles. All users can view resource-related data (such as inventory, alerts, jobs, and service tickets) for resources that they can access.

Procedure

To view information about the predefined roles, click Administration > Security from the XClarity Orchestrator menu bar, and then click Roles in the left navigation.

Click the row for any role to display the Roles dialog with information about the role properties, list of functions in the role, and a list of user groups to which the role is assigned.
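The following is an added example, not Lenovo code. It reviews group-to-role assignments against the rules stated above: at least one supervisor, the v1.0 upgrade default, the two roles whose resource access cannot be restricted, and the Operator Legacy deprecation. The dictionary format, the user names, and every group name except OperatorLegacyGroup are assumptions; transcribe the real assignments from the Roles dialog.

```python
# Added example; the input dictionaries are a constructed format, not a product export.
# Per the page: resource access cannot be restricted for these roles.
UNRESTRICTED_ROLES = {"Supervisor", "Security Administrator"}
# Per the page: slated for deprecation in a future release.
DEPRECATED_ROLES = {"Operator Legacy"}


def effective_roles(group_roles, group_members):
    """Union the roles of every group a user belongs to."""
    user_roles = {}
    for group, members in group_members.items():
        for user in members:
            user_roles.setdefault(user, set()).update(group_roles.get(group, ()))
    return user_roles


def audit(group_roles, group_members, approved):
    """Return sorted (severity, user, message); approved maps role -> expected users."""
    user_roles = effective_roles(group_roles, group_members)
    findings = []
    if not any("Supervisor" in roles for roles in user_roles.values()):
        findings.append(("error", "-", "no user holds Supervisor"))
    for user, roles in user_roles.items():
        for role in roles & UNRESTRICTED_ROLES:
            if user not in approved.get(role, set()):
                findings.append(("high", user, f"unapproved {role}"))
        for role in roles & DEPRECATED_ROLES:
            findings.append(("medium", user, f"holds deprecated {role}"))
    return sorted(findings)


# Constructed sample: group names other than OperatorLegacyGroup are hypothetical.
GROUP_ROLES = {
    "SupervisorGroup": {"Supervisor"}, "SecAdmins": {"Security Administrator"},
    "OperatorLegacyGroup": {"Operator Legacy"}, "Reporters": {"Reporter"},
}
GROUP_MEMBERS = {
    "SupervisorGroup": ["alice", "bob", "carol"],  # e.g. state after a v1.0 upgrade
    "SecAdmins": ["dave"], "OperatorLegacyGroup": ["erin"], "Reporters": ["bob"],
}
APPROVED = {"Supervisor": {"alice"}, "Security Administrator": {"dave"}}

if __name__ == "__main__":
    for finding in audit(GROUP_ROLES, GROUP_MEMBERS, APPROVED):
        print(*finding, sep="\t")
```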