Manage User Profiles and Access
Manage your system users that log on to the HMC. A user profile is a combination of a user ID, server authentication method, permissions, and a text description. Permissions represent the authority levels assigned to the user profile for the objects the user has permission to access.
Users can be authenticated using local authentication on the HMC, by using Kerberos remote authentication, or by using LDAP authentication. For more information on setting up Kerberos authentication on the HMC, see Manage KDC. For more information about LDAP authentication, see Manage LDAP.
For security reasons, remotely authenticated Kerberos or LDAP users cannot lock the local console.
If you are using local authentication, the user ID and password are used to verify a user’s authorization to log on the HMC. The user ID must start with an alphabetic character and consist of 1 to 32 characters. The password has the following rules:
- Must begin with an alphanumeric character.
- Must contain at least 7 characters, however, this limit can be changed by your system administrator.
- The characters must be standard 7-bit ASCII characters.
- Valid characters to use for the password can be: A-Z, a-z, 0-9 and special characters (~ ! @ # $ % ^ & * ( ) _ + - = { } [ ] \ : " ; ’).
If you are using Kerberos authentication, specify a Kerberos remote user ID.
If you select LDAP authentication, no additional information is required.
The user profile includes managed resource roles and task roles that are assigned to the user. The managed resource roles assign permissions for a managed object or group of objects and the task roles define the access level for a user to perform on a managed object or group of objects. You can choose from a list of available default managed resource roles, task roles, or customized roles that are created by using the Manage Task and Resource Roles task.
See HMC tasks, user roles, IDs, and associated commands for a listing of all the HMC tasks and the predefined default user IDs that can perform each task.
- All System Resources
- hmcservicerep (Service Representative)
- hmcviewer (Viewer)
- hmcoperator (Operator)
- hmcpe (Product Engineer)
- hmcsuperadmin (Super Administrator).
To add or customize a user profile, complete the following steps:
- In the navigation area, select the managed system and click the Users
and Security icon
, and then select Users
and Roles. - In the content pane, click Manage User Profiles and Access.
- Complete one of the following steps:
- From the User Profiles window, if you are creating a new user ID, point to User on the menu bar and when its menu is displayed, click Add. The Add User window is displayed.
- From the User Profiles window, if you are creating a user
ID with the same attributes as an existing profile, point to User on
the menu bar and when its menu is displayed, click Copy. The Copy
User window is displayed. Note: Some user profiles are predefined, such as a default ID, and those permissions cannot be changed. However, you can copy a default user profile, such as operator, and then modify the resulting new user profile. The newly defined user cannot have greater permissions than the original copied user profile.
- From the User Profiles window, if you are deleting a user ID, point to User on the menu bar and when its menu is displayed, click Remove. The Remove User window is displayed.
- From the User Profiles window, if the user ID exists in
the window, select the user ID from the list, and then point to User on
the menu bar and when its menu is displayed, click Modify.
The Modify User window is displayed.
- To specify timeout and inactivity values, click User Properties from the Modify User window.
- Complete or change the fields in the window, click OK when you are done.
Use the online Help if you need additional information for creating, modifying, copying, or removing a user profile and modifying timeout and inactivity values.
