Managing user accounts

User accounts are used to log in and manage Lenovo XClarity Administrator and all chassis and servers that are managed by XClarity Administrator. XClarity Administrator user accounts are subjected to two interdependent processes: authentication and authorization.

About this task

Authentication is the security mechanism by which a user's credentials are verified. The authentication process uses the user credentials that are stored in the configured authentication server. It also prevents unauthorized management servers or rogue managed-system applications from accessing the resources. After authentication, a user can access XClarity Administrator. However, to access a specific resource or perform a specific task, the user must also have the appropriate authorization.

Authorization checks the permissions of the authenticated user and controls access to resources based on the users membership in a role group. Role groups are used to assign specific roles to a set of user accounts that are defined and managed in the authentication server. For example, if a user is a member of a role group that has Supervisor permissions, that user can create, edit, and delete user accounts from XClarity Administrator. If a user has Operator permissions, that user can only view user-account information.

Note: The SYSMGR_* and SYSRDR_* user accounts (where * is a randomly chosen suffix created from characters A – Z and 0 – 9) are generated and used by XClarity Administrator as service user accounts and are used in functions such as managed authentication, OS deployment, and firmware updates. The SYSMGR_* and SYSRDR_* passwords are rotated each time XClarity Administrator is booted and shortly before the password expiration period is due.