Access-control considerations

Lenovo XClarity Orchestrator uses access-control lists (ACLs) to determine which resources (devices, resource managers, and XClarity Orchestrator) users can access. When a user has access to a specific set of resources, that user can see data (such as inventory, events, alerts, and analytics) that is related to only those resources.

About this task

An ACL is a union of user groups and resource groups.
  • User groups identify the users that are affected by this ACL. The ACL must contain a single user group.

    Users that are members of a group to which the predefined Supervisor role is assigned always have access to all resources. You cannot limit resource access for supervisor users.

    When resource-based access is enabled, users that are not members of a group to which the predefined Supervisor role is assigned do not have access to any resources (devices and resource managers) by default. You must add non-supervisor users to a user group that is part of an access-control list to allow those users to access a specific set of resources.

    When resource-based access is disabled, all users have access to all resources (devices and resource managers) by default.

  • Resource groups identify the resources (devices, resource managers, and XClarity Orchestrator) that can be accessed. The ACL must contain at least one resource group.
    Note
    A user that has access to a manager group does not automatically get access to all devices that are managed by that resource manager. You must give explicit access to devices using device groups.
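
The rules above can be checked against a planned group layout before it is applied. The following Python model is an added example, not XClarity Orchestrator code or its API; the class names, the `effective_access` function, the `example-role` role and all sample users and resources are constructed for illustration.

```python
from dataclasses import dataclass

SUPERVISOR = "Supervisor"  # predefined role named on this page

@dataclass(frozen=True)
class UserGroup:
    name: str
    roles: frozenset
    members: frozenset

@dataclass(frozen=True)
class ResourceGroup:
    name: str
    resources: frozenset  # identifiers of devices or resource managers

@dataclass(frozen=True)
class Acl:
    user_group: UserGroup    # a single user group
    resource_groups: tuple   # one or more resource groups

    def __post_init__(self):
        if not self.resource_groups:
            raise ValueError("an ACL must contain at least one resource group")

def effective_access(user, user_groups, acls, inventory, resource_based_access):
    """Return the resources `user` can see under the rules described above."""
    if any(user in g.members and SUPERVISOR in g.roles for g in user_groups):
        return set(inventory)   # supervisors always see everything
    if not resource_based_access:
        return set(inventory)   # feature disabled: no restriction for anyone
    granted = set()             # feature enabled: default is no access
    for acl in acls:
        if user in acl.user_group.members:
            for group in acl.resource_groups:
                granted |= group.resources   # only what is explicitly listed
    return granted & set(inventory)

# Constructed sample data: srv-1 and srv-2 are managed by mgr-a.
INVENTORY = {"mgr-a", "srv-1", "srv-2", "srv-3"}
ADMINS = UserGroup("admins", frozenset({SUPERVISOR}), frozenset({"alice"}))
OPS = UserGroup("ops", frozenset({"example-role"}), frozenset({"bob"}))
GROUPS = [ADMINS, OPS]
MANAGERS = ResourceGroup("managers", frozenset({"mgr-a"}))
RACK1 = ResourceGroup("rack1", frozenset({"srv-1"}))

if __name__ == "__main__":
    for acls in ([Acl(OPS, (MANAGERS,))], [Acl(OPS, (MANAGERS, RACK1))]):
        for user in ("alice", "bob", "carol"):
            print(user, sorted(effective_access(user, GROUPS, acls, INVENTORY, True)))
```

With only the manager group in the ACL, `bob` sees `mgr-a` but none of the servers it manages; adding the device group is what grants `srv-1`.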

For more information about access-control lists, see Controlling access to resources.