User accounts and role groups

User accounts are used to log in and manage Lenovo XClarity Administrator and all managed chassis and servers. XClarity Administrator user accounts are subjected to two interdependent processes: authentication and authorization.

Authentication is the security mechanism by which a user's credentials are verified. The authentication process uses the user credentials that are stored in the configured authentication server. It also prevents unauthorized management servers or rogue managed-system applications from accessing the resources. After authentication, a user can access XClarity Administrator. However, to access a specific resource or perform a specific task, the user must also have the appropriate authorization.

Authorization checks the permissions of the authenticated user and controls access to resources based on the users membership in a role group. Role groups are used to assign specific roles to a set of user accounts that are defined and managed in the authentication server. For example, if a user is a member of a role group that has Supervisor permissions, that user can create, edit, and delete user accounts from XClarity Administrator. If a user has Operator permissions, that user can only view user-account information.

For more information about the user accounts and role groups, see Managing user accounts.