Users and user groups in IBM Flex System Manager
In IBM® Flex System Manager, users and user groups are based on users and groups that are defined in the configured registry. IBM Flex System Manager uses the user and group information for authentication and authorization.
IBM Flex System Manager provides the capability to create, update, or delete users or groups in only the local user registry. You can create new users, user groups, and chassis roles from the management software web interface or command-line interface.
To open the Users and Groups page from the Home page of the web interface, click the Additional Setup tab; then, click Manage Users and Groups. For more information about how to use the Users and Groups page to create, edit, or delete users and user groups, see Users and groups page in the web interface.
- Supervisor
- A user with the Supervisor role has full access to all resources
- Operator
- A user with the Operator role has read-only access to all resources
- Set Custom permissions
- This selection enables you to set permissions based on specific resources
Access to particular resources or tasks is governed by restrictions based on the user ID or user group membership and the roles that are defined for each user. If you select the Supervisor or Operator role when you create a new user, you must select a group for the new user. All users have the group smdefault assigned automatically.
- Members of the Administrators group are authorized for all operations on all resources.
- Every new user is assigned to a role, which determines the permissions for the user. An administrator can assign additional roles to give additional authority to the user.
- IBM Flex System Manager does not support Network Information Services (NIS).
- smadmin (Administrator group)
- Members of the smadmin group are authorized for all operations.
They have administrative access to IBM Flex
System Manager and
can perform all administrative tasks. These members can define the
privileges available to the smmgr, smmon, smuser, and groupread groups.
The privileges available to members of the smadmin group cannot be
restricted.Note: At the operating system level, the smadmin group maps to SMAdministrator role. A best practice is to add or remove users from the user groups but to not delete the system-defined user groups because IBM Flex System Manager uses them in the IBM Flex System Manager Web interface to authorize users to IBM Flex System Manager.Important: If you add a user to this group, the user can modify or delete all system-level resources and resources for all other users, including operating-system and user files and processes. Before assigning a user to this group, be sure that the user requires SMAdministrator authority.
- smdefault (Default group)
- All users of the management software are members of the smdefault group.
- smmgr (Manager group)
- Members of the smmgr group can perform management operations, which are a subset of the functions that a member of the smadmin group can perform.
- smmon (Monitor group)
- Members of the smmon group can access those administrative functions that provide read-only access, such as monitoring.
- smuser (User group)
- Members of the smuser group can perform only a basic set of operations.