
Role-Based Security and its
Implementation
This Dell Technical White Paper describes how OpenMa nage Essentials
supports and implements role-based access control at its operational
level.
R Rajiv Nair
Dell | Product Group Enterprise

Role-Based Security and its Implementation
This document is for informational purposes only and may contain typographical errors and
technical inaccuracies. The content is provided as is, without express or implied warranties of any
kind.
© 2011 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions
in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and
Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft,
Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation
in the United States and/or other countries. Other trademarks and trade names may be used in this
document to refer to either the entities claiming the marks and names or their products. Dell disclaims
proprietary interest in the marks and names of others.
November 2011| Rev 1.0
ii

Role-Based Security and its Implementation
Contents
Introduction ................................................................................................................ 4
Role-Based Access Control Implementation .......................................................................... 4
Role-Based Access Control Implementation in OpenManage Essentials .......................................... 5
Using Security Roles and Permissions .................................................................................. 6
Role-Based Access Control Architecture in OpenManage Essentials .............................................. 7
OpenManage Essentials Roles and Associated Permissions ......................................................... 9
OmeAdministrators Console View ...................................................................................... 9
OmePowerUsers Console View ........................................................................................ 10
OmeUser Console View ................................................................................................. 11
Learn More ............................................................................................................. 12
Figures
Figure 1. User Group ...................................................................................................... 4
Figure 2. Adding users to a group ...................................................................................... 5
Figure 3. Select users to a group ....................................................................................... 6
Figure 4. A simplified RBAC Model ..................................................................................... 7
Figure 5. Role-based access control implementation in OpenManage Essentials .............................. 8
Figure 6. OmeAdministrators console .................................................................................. 9
Figure 7. Right-click options enabled ................................................................................ 10
Figure 8. OmePowerUsers console ................................................................................... 10
Figure 9. Preferences tab view ....................................................................................... 10
Figure 10. OmeUsers console .......................................................................................... 11
Figure 11. Right-click options disabled .............................................................................. 12
iii

Role-Based Security and its Implementation
Executive Summary
The management of user access has long been a challenge for organizations. Central to this challenge is
the concept of creating defined user roles. Used correctly, roles provide a means of simplification and
allow organizations to adapt enterprise access to the needs of the business. The result is greater IT
operational efficiency, business agility, and improved security through a set of preventative controls.
Introduction
The purpose of this document is to describe how OpenManage Essentials (OME) supports and
implements role-based access control (RBAC ) at its operations level. This docume nt also explains the
implementation of role-based access control architecture and the role-level permissions assigned in
OpenManage Essentials.
Role-Based Access Control Implementation
After installation launch OpenManage Essentials, the OmeAdministrators, OmePowerUsers and
OmeUsers user groups would be created under Windows Local Users and Groups.
To verify the creation of OpenManage Essentials groups on a Windo ws machine, p erform the following
steps:
1. Log in as an administrator.
2. Right-click My Computer and select Manage.
3. Navigate to Configuration -> Local Users and Groups -> Groups. The OpenManage Essentials
groups are listed in the Groups pane. These are the OmeAdministrators, OmePowerUsers and
OmeUsers groups (Figure 1).
Figure 1. User Group
4

Role-Based Security and its Implementation
Role-Based Access Control Implementation in OpenManage
Essentials
After you have verified that the OpenManage Essentials groups have been created, on a Windows
machine, add user(s) to the OpenManage Essentials groups. Add user(s) to OmeAdministrators first,
later to OmePowerUs ers and then to OmeUs ers. You must be logg ed in as an Admini strator to perfo rm
this procedure. To add users, perform the following steps:
1. Navigate to Local Users and Groups -> Groups.
2. Right-click OmeAdministrators and select Add to Group.
3. In the Properties window , c lick Add.
4. In the Select Users window, enter the user name.
5. Click Check Names and click OK. The user name appears in the Members list in the Properties
window.
6. Click OK.
Note: For details on adding a Windows user account to a group, refer to:
http://windows.microsoft.com/en-US/windows-vista/Add-a-user-account-to-a-group
Note: The users you add must also belong to the built-in lo ca l Administrator group.
Log in as the user that belongs to the OmeAdministrators group and confirm that this user has full
permissions to perform all of the OpenManage Essentials operations.
Similarly, add users to the OmePowerUser and OmeUsers group and confirm that these users have
restricted privileges and can do read-only operations.
Figure 2. Adding users to a group
5