Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.
An XCCDF Rule
Description
<VulnDiscussion>Individual task roles with access to specific resources if not created and restricted, will allow unrestricted access to system functions. The following is an example of some managed resource categories: Tasks are functions that a user can perform, and the managed resource role defines where those tasks might be carried out. The Access Administrator assigns a user ID and user roles to each user of the Hardware Management Console. • OPERATOR OPERATOR • ADVANCED ADVANCED OPERATOR • ACSADMIN ACCESS ADMINISTRTOR • SYSPROG SYSTEM PROGRAMMER • SERVICE SRVICE REPRESENTATIVE Failure to establish this environment may lead to uncontrolled access to system resources. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Systems Programmer</Responsibility><IAControls>ECLP-1</IAControls>
- ID
- SV-30022r2_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The System Administrator must set up a list of Users
Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities
and these must match the users defined to the HMC.
To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles.