Management module v1 privileges

These privileges are associated with the LDAP permission bits (bitstrings) that are enforced by management modules for rack servers and entire Flex System chassis (including all devices in that chassis).

Lenovo XClarity Administrator does not enforce these permissions. The permissions are enforced by the managed devices that use an XClarity Administrator use account.

If the device is managed using managed authentication (using the local authentication server for authentication), the local authentication server uses these permissions to indicate to the managed devices which permissions to use to log in to the device. You would configure these same permissions in an external LDAP server.

Note:
  • To narrow permissions to individual devices in a chassis, you must specify management module v2 privileges in addition to the management module v1 privileges (see Management module v2 privileges).

  • Management module v1 privileges are not supported for FlexSystem switches that do not have Secure IOM enabled, RackSwitch switches, Storage devices, and ThinkServer servers.

For information about the LDAP permission bits for each management module, see the online documentation.

Privilege name Privilege description default roles
mm-advanced-adaptor-configuration-v1 Advanced adaptor configuration lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-basic-configuration-v1 Basic configuration lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-clear-event-logs-v1 Clear event logs lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor
mm-deny-always-v1 Deny always lxc-admin, lxc-hw-admin, lxc-supervisor
mm-networking-and-security-v1 Networking and security lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-recovery, lxc-security-admin, lxc-supervisor
mm-power-and-restart-access-v1 Power/restart access for servers and Flex switches lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-remote-console-access-v1 Remote control access for servers lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-remote-console-and-virtual-media-access-v1 Remote console and virtual media access for servers lxc-admin, lxc-hw-admin, lxc-hw-manager, lxc-supervisor
mm-supervisor-v1 Supervisor access lxc-admin, lxc-hw-admin, lxc-supervisor
mm-user-account-management-v1 User management lxc-admin, lxc-hw-admin, lxc-recovery, lxc-security-admin, lxc-supervisor