<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Minor security bug in HPE OneView</title>
    <link>https://community.hpe.com/t5/hpe-oneview/minor-security-bug/m-p/7057633#M4433</link>
    <description>&lt;P&gt;I noticed that if I create a scope for a user who has access to a limited number of servers (say per location), he or she can then click on the data center tab, then click another server from the rack view that he or she is not authorized to see. After that click, it takes him or her to the "server hardware page", which then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shut down; however, they now have read-only access to the entire infrastructure, including SSO into the individual iLO boards.&lt;/P&gt;</description>
    <pubDate>Mon, 05 Aug 2019 16:35:19 GMT</pubDate>
    <dc:creator>JayFromIT</dc:creator>
    <dc:date>2019-08-05T16:35:19Z</dc:date>
    <item>
      <title>Minor security bug</title>
      <link>https://community.hpe.com/t5/hpe-oneview/minor-security-bug/m-p/7057633#M4433</link>
      <description>&lt;P&gt;I noticed that if I create a scope for a user who has access to a limited number of servers (say per location), he or she can then click on the data center tab, then click another server from the rack view that he or she is not authorized to see. After that click, it takes him or her to the "server hardware page", which then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shut down; however, they now have read-only access to the entire infrastructure, including SSO into the individual iLO boards.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Aug 2019 16:35:19 GMT</pubDate>
      <guid>https://community.hpe.com/t5/hpe-oneview/minor-security-bug/m-p/7057633#M4433</guid>
      <dc:creator>JayFromIT</dc:creator>
      <dc:date>2019-08-05T16:35:19Z</dc:date>
    </item>
    <item>
      <title>Re: Minor security bug</title>
      <link>https://community.hpe.com/t5/hpe-oneview/minor-security-bug/m-p/7057656#M4435</link>
      <description>&lt;P&gt;The behavior you have experienced is currently by design. Scopes today are not designed for multi-tenant purposes, which is the behavior you are inquiring about. All users have Read-Only access to resources on the appliance.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Aug 2019 20:59:44 GMT</pubDate>
      <guid>https://community.hpe.com/t5/hpe-oneview/minor-security-bug/m-p/7057656#M4435</guid>
      <dc:creator>ChrisLynch</dc:creator>
      <dc:date>2019-08-05T20:59:44Z</dc:date>
    </item>
  </channel>
</rss>

