How to Use
Using Device Group Permissions in Dell OpenManage Essentials
6
This white paper explains the use of the device group permissions portal and how the device group
permissions feature in Dell OpenManage Essentials can help mitigate risks of mistargeted tasks and over
privileged users. This document includes:
• Assigning users to the OmeSiteAdministrators role.
• The limitations and constraints of an OmeSiteAdministrator.
• Assigning device groups to a user.
• How to use the device group permissions portal.
• Use cases of common scenarios.
• FAQ section about the device group permissions portal and OmeSiteAdministrator restrictions.
OpenManage Essentials Roles
Users of OpenManage Essentials have one or several of the following roles. A role is a set of permissions
that determines what a user can and cannot do in OpenManage Essentials. A user can have multiple
roles. When a user has multiple roles, the permissions are additive.
The following section is a brief overview of the roles in OpenManage Essentials. For further reading,
please visit the OpenManage Essentials roles white paper:
http://en.community.dell.com/techcenter/extras/m/white_papers/20029260.aspx
OmeUsers
Read only privileges. An OmeUser cannot create or edit items in OpenManage Essentials (exception is
discovery and inventory). Cannot view or edit device group permissions.
OmePowerUsers
All read write privileges except for preferences (read only). Cannot view or edit device group
permissions.
OmeSiteAdministrators
The OmeSiteAdministrators role is a new role introduced in OpenManage Essentials v1.2. The role is
similar to the OmeAdministrators role, but has several limitations. To read the limitations, please see
the Limitations of OmeSiteAdministrators section below.
The OmeSiteAdministrators role is a virtual user group that does not appear in the active directory. It is
managed completely by the OpenManage Essentials console.
Limitations of OmeSiteAdministrators
An OmeSiteAdministrator is a limited user. An OmeSiteAdministrator does not have the same access
level of an OmeAdministrator. The device group permissions portal is not visible to an
OmeSiteAdministrator. To ensure the security of the role in the OpenManage Essentials console, an
OmeSiteAdministrator has the following limitations.