Fujitsu KVM series3-Client ユーザーズマニュアル
Managing local user accounts
Appliance Management Panel
78
590-590-609A
The appliance names and target device names used for group queries are stored in
the appliance. The appliance name and target device names specified in the SNMP
and Devices categories of the AMP must identically match the object names in
Active Directory. Each appliance name and target device name may be comprised
of any combination of upper-case and lower-case letters (a-z, A-Z), digits (0-9) and
hyphens (-). You cannot use spaces and periods (.) or create a name that consists
entirely of digits. These are Active Directory constraints.
the appliance. The appliance name and target device names specified in the SNMP
and Devices categories of the AMP must identically match the object names in
Active Directory. Each appliance name and target device name may be comprised
of any combination of upper-case and lower-case letters (a-z, A-Z), digits (0-9) and
hyphens (-). You cannot use spaces and periods (.) or create a name that consists
entirely of digits. These are Active Directory constraints.
Create one or more groups under the group container organizational unit.
Add the user names and target device and appliance to the groups you created in
step 5.
step 5.
Specify the value of any attribute being used to implement the access control
attribute. For example, if you are using
attribute. For example, if you are using
info as the attribute in the Access Control
Attribute field and using the Notes property in the group object to implement the
access control attribute, the value of the Notes attribute in Active Directory may be
set to one of the three available access levels (KVM User, KVM User Admin, or
KVM Appliance Admin) for the group object. The members of the group may then
access the appliances and target devices at the specified access level.
access control attribute, the value of the Notes attribute in Active Directory may be
set to one of the three available access levels (KVM User, KVM User Admin, or
KVM Appliance Admin) for the group object. The members of the group may then
access the appliances and target devices at the specified access level.
5.4
Managing local user accounts
The Users category lists user names in the appliance user database and their access
levels. You can add, modify, or delete a user account from this category. The security
lock-out feature is also controlled from this category.
levels. You can add, modify, or delete a user account from this category. The security
lock-out feature is also controlled from this category.
The fields in this category are disabled if LDAP is being used for both Authentication
and Authorization. If LDAP is being used only for Authentication, then users can be
added and modified in this category, but only to set the access control lists for the users
(the password fields are disabled in this mode).
and Authorization. If LDAP is being used only for Authentication, then users can be
added and modified in this category, but only to set the access control lists for the users
(the password fields are disabled in this mode).
5.4.1
Access levels
You can assign users one of three access levels: user, user administrator, or appliance
administrator. Use the user access level to assign individual target device access rights
to a user.
administrator. Use the user access level to assign individual target device access rights
to a user.
Table 7 on page 79 indicates the types of appliance operations that can be performed in
the three access levels.
the three access levels.