topic Re: Scope Based Access Control within the same Synergy Frame in HPE OneView

Scope Based Access Control within the same Synergy Frame

jlangmead — Mon, 11 Jan 2021 13:46:26 GMT

Does SBAC allow a configuration whereby a single Synergy Frame can be managed as two separate scopes? I need to be able to ensure that I can create two environments (for example two VMware clusters of 6 compute modules each) that use different Networks, Uplinks and Server profiles etc but need to ensure that I can add a group of administrators to each scope that won't be able to make changes to the resources associated within the other scope.

Am I right in thinking that both scopes will be visible to all logged on scope administrators but will only have access to one scope and the other scope will be Read-Only access?

Is there a way that I can prevent any visibility of the other scope's configuration?

kind regards

Re: Scope Based Access Control within the same Synergy Frame

ChrisLynch — Mon, 11 Jan 2021 17:17:08 GMT

Starting with HPE OneView 5.5, you can remove the All Resources from the UI by enabling Restrict user interface read access by scope feature. You can change it by going to Settings -> Appliance. You will see it listed under Global Settings. This is a UI only enforced feature, and has no impact to API users.

Re: Scope Based Access Control within the same Synergy Frame

jlangmead — Wed, 13 Jan 2021 13:10:12 GMT

Great - thanks Chris