Local Users & Sessions
Controlling who can access the BMC is the first and most important step in securing your server. By default, the BMC uses a local user database. You should create individual accounts for each administrator and assign them the appropriate level of privilege.
This chapter shows you how to manage local user accounts, understand privilege levels, and monitor active sessions.
Creating, editing, and deleting user accounts
You can manage all local user accounts from the User Management page.
In the sidebar menu, navigate to Security and access > User management.
To create a new user, click the Add user button.
Fill in the user's details:
Username: The login name for the user.
User Password: Set a strong password. The interface will enforce any configured password complexity rules.
Privilege: Assign the appropriate access level.
Account status: Set to Enabled to make the account active.
Click Add user to save the new account.
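[Image, EXISTING, Source: 9.3: Screenshot showing the User Management page, including the user list and the "Add user" button.] [Image, EXISTING, Source: 9.3: Screenshot showing the "Add user" dialog, including the username, password, and privilege fields.]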
To edit or delete an existing user, click the pencil icon (edit) or trash icon (delete) next to their name in the user list.
Best Practice: Create named administrator accounts
Instead of everyone sharing the default root account, it's a critical security practice to create a named administrator account for each person who needs access. After creating your own administrator account, you should change the root password to something long and complex and store it securely, or disable the account if your security policy allows. This creates accountability and improves audit trails.
Understanding user privileges
The BMC has three distinct privilege levels, allowing you to implement the principle of least privilege.
Administrator: Has full read/write access to everything. Can change all settings, manage other users, and perform all operations.
Operator: Has access to most operational tasks, such as power cycling the server, using the KVM, and mounting virtual media. However, they cannot change critical security settings or manage other users.
ReadOnly: Can view status pages, logs, and current settings, but cannot make any changes. This role is perfect for monitoring or auditing purposes.
Viewing active user sessions
The Sessions page provides a real-time view of all users who are currently logged into the BMC, and what method they are using. This is useful for security auditing and for seeing who is actively managing the server.
To view active sessions, navigate to Security and access > Sessions.
[Image, EXISTING, Source: 9.1: Screenshot showing the Sessions page, listing active WebUI and IPMI sessions with their usernames and IP addresses.]
The sessions table provides the following information:
Session ID: The unique identifier for the active session.
Session Type: The protocol or method used to connect (e.g., WebUI, IPMI, Redfish, or SOL).
Mount Type: If the session is related to virtual media, this specifies how it was mounted.
User ID: The user's numerical ID within the system.
User Name: The login username associated with the session.
IP Address: The source IP address of the connection.
Privilege: The privilege level of the logged-in user.
You can use the trash icon to terminate an active session, which will force that user to be logged out.
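The following is an added example, not part of the BMC's own tooling: a short Python audit over session rows that flags use of the shared root account, sessions from outside the management network, and one username active from several source addresses. It assumes the rows of the sessions table have been transcribed to CSV with the column names listed above; the sample rows, session IDs, and the 10.20.0.0/24 management subnet are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample rows using the columns of the sessions table.
SAMPLE = """\
Session ID,Session Type,Mount Type,User ID,User Name,IP Address,Privilege
a1,WebUI,,2,alice,10.20.0.15,Administrator
b2,IPMI,,1,root,10.20.0.15,Administrator
c3,Redfish,,3,monitor,10.20.0.40,ReadOnly
d4,WebUI,,2,alice,192.168.77.9,Administrator
e5,SOL,,4,bob,10.20.0.22,Operator
"""

MGMT_NET = ip_network("10.20.0.0/24")  # assumed management subnet
SHARED_ACCOUNTS = {"root"}             # default account that should not be shared


def audit_sessions(csv_text, mgmt_net=MGMT_NET):
    """Return a sorted list of (session_id, finding) tuples."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    ips_by_user = defaultdict(set)
    for row in rows:
        sid, user = row["Session ID"], row["User Name"]
        ips_by_user[user].add(row["IP Address"])
        # Sessions on the shared default account cannot be tied to a person.
        if user in SHARED_ACCOUNTS:
            findings.append((sid, "shared-account"))
        # BMC access is expected only from the management network.
        if ip_address(row["IP Address"]) not in mgmt_net:
            findings.append((sid, "outside-mgmt-net"))
    # One named user logged in from several addresses at the same time.
    for row in rows:
        if len(ips_by_user[row["User Name"]]) > 1:
            findings.append((row["Session ID"], "multiple-source-ips"))
    return sorted(findings)


if __name__ == "__main__":
    for sid, finding in audit_sessions(SAMPLE):
        print(sid, finding)
```

Sessions flagged this way are candidates for review and, where appropriate, for termination from the Sessions page.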

