Accumulating Privileges Using Extended Schema

The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.

The following figure provides an example of accumulating privileges using Extended Schema.

Figure 3. Privilege Accumulation for a User

The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects.

Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user.

In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2. In addition, this figure shows that User1 can be in a different domain and can be a member of a group.

Configuring Extended Schema Active Directory

To configure Active Directory to access iDRAC:

1.Extend the Active Directory schema.

2.Extend the Active Directory Users and Computers Snap-in.

3.Add iDRAC users and their privileges to Active Directory.

4.Configure iDRAC Active Directory properties using iDRAC Web interface or RACADM.

Related Links

Extended Schema Active Directory Overview

Installing Dell Extension to the Active Directory Users and Computers Snap-In Adding iDRAC Users and Privileges to Active Directory

Configuring Active Directory With Extended Schema Using iDRAC Web Interface

151

Page 151
Image 151
Dell iDRAC8 manual Configuring Extended Schema Active Directory, Accumulating Privileges Using Extended Schema