Dell OpenManage Essentials How to Use

OME Engineering Team
Using Device Group Permissions in Dell OpenManage Essentials
This technical white paper describes how to use the device group permissions feature in OpenManage Essentials
Using Device Group Permissi on s in Dell OpenManage Essentials
This document is for informational purposes only and may contain typographical errors and tech nical inaccuracies. The content is provided as is, without express or implied warranties of any kind.
© 2013 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omission s in typography or photography. Dell, the Dell logo, and PowerEdge are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft, Windows, and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
June 2013| Version 1.0
ii
Using Device Group Permissi on s in Dell OpenManage Essentials
Contents
Executive Summary................................................................................................... 5
Introduction ........................................................................................................... 5
OpenManage Essentials Roles ....................................................................................... 6
OmeUsers ............................................................................................................. 6
OmePowerUsers ..................................................................................................... 6
OmeSiteAdministrators ............................................................................................. 6
Limitations of OmeSiteAdministrators ......................................................................... 6
OmeAdministrators .................................................................................................. 7
Device Group Permissions Port al ................................................................................... 7
Editing Members of OmeSiteAd ministrators ..................................................................... 7
Add New User ...................................................................................................... 7
Add/Remove Existing User ....................................................................................... 9
Add an OmeAdministrator ........................................................................................ 9
Assigning Device Groups to an Ome SiteAdministrator ........................................................ 10
Use Cases ............................................................................................................ 11
Assigning Users to Locatio n Based Device Groups ........................................................... 11
Assigning Users to Operati n g System Based Device Groups ................................................ 16
Promoting an OmeSiteAdministrator to an OmeAdministrator ............................................ 16
Summary .............................................................................................................. 17
FAQ .................................................................................................................... 17
Device Group Permissions Por tal ................................................................................. 17
Remote and System Update Tasks ............................................................................... 18
Custom Groups ...................................................................................................... 18
Figures
Figure 1. Edit Members of OmeSiteAdministrators ................................................................ 8
Figure 2. Edit members wizard ....................................................................................... 8
Figure 3. Select user in edit membe rs wizard ...................................................................... 9
Figure 4. Select user in OmeSiteAdministrators tree ............................................................. 10
Figure 5. (Un)select device group permissions .................................................................... 11
Figure 6. Create Austin Data Center Query ........................................................................ 12
Figure 7. Create Boston Data Cente r Query ....................................................................... 12
Figure 8. Select the Austin Data Center Query .................................................................... 13
iii
Using Device Group Permissi on s in Dell OpenManage Essentials
Figure 9. Select the Austin Data Center device group ........................................................... 14
Figure 10. UserA deployment task targets ......................................................................... 15
Figure 11. UserB deployment task targets ......................................................................... 15
Figure 12. Create Linux OS query ................................................................................... 16
iv
Using Device Group Permissi on s in Dell OpenManage Essentials

Executive Summary

This white paper describes t he process of assigning users to the OmeSiteAdministrator s role and assigning device group permissions to a user using OpenManage Essentials.
This document explains how to assign device group permissi on s to a user for targeting system update and remote tasks. OmeSiteAdministrators (a new role introduced in OpenManage Essentials v1.2) can only target device groups as signed to them. Using OpenManage Essentials, an ad ministrator can assign a user to a specific set of device gr oups for targeting system update and remote tasks, reducin g the impact and side effects a user can have in OpenManage Essentials.

Introduction

Several IT professionals can simult an eously use OpenManage Essentials. In many cases, the IT professionals divide responsibilities of devices. The responsibilities can be divided several ways. Devices are categorized and re sponsibilities divided based on geographi cal lo ca tion, device type, operating system, network se t up, and other factors. Custom device groups help users divide t heir devices.
Custom device groups separat e an d subset devices. Users can cre ate custom device groups in OpenManage Essentials. A custom device gr oup can be created from a query, a combination of other devices groups, a selection of devices, or a combination o f d e vice groups and device select ions. Creating a subset of devices (a cu stom device group) makes it easier to accurately target groups of devices throughout OpenManage Essentials.
Creating custom device groups is helpful when dividing responsibilities of devices, but all device groups and devices can be targeted by users. Unwanted behaviors of devices may occur if an overlap in targets or accidental targeting of device groups occurs while creating system update or remote tasks. A misused task or update can cause downtime, additional effort, and even an interruption of service.
To mitigate the risk of incorrectly targeted tasks, reduce the scope of select users and divide the responsibilities of management more easily, the device grou p p e rmissions portal and functionality was developed for the OpenManage Essentials v1.2 release. The portal configures the newly added OmeSiteAdministrators role and assigns device group permissions to members of the OmeSiteAdministrators role. The device group permissions portal’s purpose is to limit what a user can target when creating remote and system update tasks.
The device group permission s portal gives administrator s greater control over what users can target. An administrator can create custom groups tailored to the device responsibilities of users and assign users to the created custom device groups. For instan ce , an administrator can create a custom group based on the IP address range of a data ce n ter and assign the custom group t o the onsite administrator. Another possible scenario is cr eating custom device groups based on the operating system of the devices and assigning the device groups to the operating system management specialist.
The benefit of using the device gr oup permissions feature is that administrators have control over what targets are visible to a user. An ad ministrator can reduce the visibility of device groups to users that should not target all device groups and devices. Hiding target devices is especially beneficial when a subset of devices is mission crit ical and should not be targeted by most users.
5
Using Device Group Permissi on s in Dell OpenManage Essentials
This white paper explains the use of the device grou p p e r missions portal and how the device group permissions feature in Dell OpenManage Essentials can help mitigate risks of mistargeted tasks and over privileged users. This document includes:
Assigning users to the OmeSiteAdministrators role.
The limitations and constraints of an OmeSiteAdministrator.
Assigning device groups to a u se r .
How to use the device group permissions portal.
Use cases of common scenarios.
FAQ section about the device group permissions portal and OmeSiteAd ministrator restrictions.

OpenManage Essentials Roles

Users of OpenManage Essentials have one or several of the following roles. A role is a se t of permissions that determines what a user can and cannot do in OpenManage Essentials. A user can have multiple roles. When a user has multiple roles, the permissions are additive.
The following section is a brie f overview of the roles in OpenM anage Essentials. For further reading, please visit the OpenManage Essentials roles white paper:
http://en.community.dell.com/techcenter/extras/m/white_papers/20029260.aspx

OmeUsers

Read only privileges. An OmeUser cannot create or edit items in OpenManage Essentials (exce p tion is discovery and inventory). Cannot view or edit device group permissions.

OmePowerUsers

All read write privileges except for preferences (read only). Cannot view or edit device group permissions.

OmeSiteAdministrators

The OmeSiteAdministrator s r ole is a new role introduced in O p e nManage Essentials v1.2. The role is similar to the OmeAdminist r at ors role, but has several lim it ations. To read the limitations, please see the Limitations of OmeSiteAdministr at ors section below.
The OmeSiteAdministrator s r ole is a virtual user group that does not appear in the active di r e ct ory. It is managed completely by the OpenManage Essentials console.

Limitations of OmeSiteAdministrators

An OmeSiteAdministrator i s a limited user. An OmeSiteAdministrator does not have the sam e access level of an OmeAdministrator . The device group permission s p or tal is not visible to an OmeSiteAdministrator. To e n sure the security of the role in the OpenManage Essentials console, an OmeSiteAdministrator has the following limitations.
6
Loading...
+ 12 hidden pages