About user accounts

Authentication

HPE OneView supports both local and directory-based authentication. With local authentication, the authentication directory is hosted locally on the appliance. With directory-based authentication, an external directory service is used to authenticate access.

By default, HPE OneView is configured with a single local user account named Administrator. An Administrator is a person who is assigned to do a first time set up in HPE OneView and has full rights. The default password for this local administrator account is admin. This password must be changed at first login. The administrator login for the appliance is automatically assigned with full access (Infrastructure administrator) privileges, after the first login.

NOTE:
  • You cannot rename the Administrator login name.

  • Only an Administrator can change the password for the administrator account. The Administrator can use the following options to change the password:
    • If you remember the current password: Use User and Groups > Actions > Edit to update the password.

    • If you have forgotten the current password: Use Maintenance Console > Reset Administrator Password option.

  • You can create another user with an Infrastructure Admin role. However, an Infrastructure Admin cannot delete or edit the Administrator user.

You can use an external authentication directory service (also called an enterprise directory or authentication login domain) to grant permissions for groups of users instead of maintaining individual local login accounts. Each user in a group is assigned the same permission. An example of an authentication directory service is a corporate directory that uses LDAP (Lightweight Directory Access Protocol). Hewlett Packard Enterprise recommends limiting the number of local accounts by integrating the appliance with an enterprise directory solution such as Microsoft Active Directory or OpenLDAP.

See About directory service authentication and About emergency local login for additional considerations.

Authorization

Roles

HPE OneView defines a set of roles that describe the actions a user can perform on resource categories. When assigned to a user or directory group, a role grants the right to perform actions on categories of resources managed by the appliance.

Scopes

A scope is a user-defined set of resources. A resource can belong to multiple scopes.

Permissions

Permissions are used to control user access to the appliance and the resources managed by the appliance. The Infrastructure administrator grants rights to users and directory groups by assigning permissions. A permission consists of a role and an optional scope. The role grants access to resource categories. The scope further restricts the rights granted by the role to a subset of instances in the resource category. If a permission is not restricted by scope, the rights granted by the role apply to all resources managed by the appliance. Users and groups can be assigned multiple permissions.
NOTE:
If the Infrastructure Administrator changes permissions while a user is logged on:
  • Local users are logged out. The changed permissions are reflected the next time the user logs in.

  • Enterprise Directory users can continue operating under the old permissions until they log out. The changed permissions are reflected the next time the user logs in.

You can add a user authorized to access all resources managed by the appliance (full access user) or add a user who has access based on their job responsibilities (role-based specialist). For each of these users, authentication is confirmed by comparing the user login information to an authentication directory hosted locally on the appliance.

You can add a user authorized by membership to access all resources managed by the appliance (full access user) or add a user authorized by membership who has access based on their job responsibilities (role-based specialist). For each of these users, authentication is confirmed by comparing the user login information to an enterprise directory.

If you cannot see resource information or perform a resource task, you might not have sufficient privilege. If access is needed, contact your Infrastructure administrator to request additional permissions.

By default, the Dashboard displays status of the most relevant resources that are associated with assigned user roles. If you are assigned multiple roles, such as Network and Storage roles, the dashboard displays the combination of resources that each role would see on the dashboard.HPE OneView defines a set of roles that describe the actions a user can perform on resource categories. When assigned to a user or directory group, a role grants the right to perform actions on categories of resources managed by the appliance.

More information