- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: Assigned "Scope Operator" to a scope, but cann...
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-11-2019 02:43 PM
12-11-2019 02:43 PM
When adding a new server to OneView, I can assign it to any scope I have access to, as assigned as a "Server Administrator" role to that scope. But after the server is added, I can no longer add it to any additional scopes I have permissions to. So for example if I have server administrator role permissions assigned to "Scope1", "Scope2", and "Scope3" scopes, I can pick any of those scopes to add the NEW server at intial creation time - but I cannot add to any of them after the fact.
I tried giving myself "Scope Operator" in addition to "Server administrator" - but that does not work.
If I give myself "Scope Operator" to "All resources" - then it works. But that defeats the purpose. I can then add Linux servers, that a UNIX admin added, to my own Windows scopes and then get control of them such as shut down.
Is there a work around for this?
Thanks
NK
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-12-2019 11:35 AM
12-12-2019 11:35 AM
Re: Assigned "Scope Operator" to a scope, but cannot add server resource to it.
In order to modify a Scope, you need either Scope Operator or Scope Administrator. Scope Operator limits you to add or remove resources from the scope, just not create a new or delete an exising scope. If you cannot see the scope in Settings -> Scopes inventory view, change the filter to show All Resources. If you do not have either Scope Operator or Scope Administrator rights, you will be unable to modify any scopes you are assigned to.
What you are likely asking for is a way to exclude resources that others should not have visibility to. We call that multi-tenancy. OneView does not support that, as everyone has Read-Only rights to all resources.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-13-2019 02:01 PM
12-13-2019 02:01 PM
Re: Assigned "Scope Operator" to a scope, but cannot add server resource to it.
Thank you for the response. I am OK with READ ONLY permissions. My scenario is this:
AD group has "Server Administrator" persions role to a scope call "Linux Servers". Thus people in that group have the Server Administrator role permissions to servers in that scope - such as remote into it, shut down, and restart.
and similarly:
AD group has "Server Administrator" persions role to a scope call "Windows Servers". Thus people in that group have the Server Administrator role permissions to servers in that scope - such as remote into it, shut down, and restart.
We also have alerting scopes - if a server is in an alert scope, it sends an email to the DL or address assigned in the alert. Thus we may have 50 servers in the Windows group (so I can manage all 50 when needed) and only 10 of those servers in my "NK Alerting" scope. So I dont get alerts on the other 40 - just the 10 I support directly.
My issue is that even when given Scope Operator permissions the "NK Alerting" scope, I can never add more devices to it later on from the Windows group. If I add server 51 to the Windows group and forget to include my alerting scope when intially adding it, I can never add it later to the "NK Alerting" scope - even if I am assigned a scope operator to both of them.
Thanks
NK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-16-2019 01:40 PM
12-16-2019 01:40 PM
SolutionOK - I found my problem...I think. I had to make all my alerting scopes a child scope of the "Windows Scope". So put all Windows servers, as we add them, to the Windows scope. And then individual alerting scopes, since they are all child scopes of Windows, can then have servers from the Windows scope added to them later on - as long as the user was give scope operator permissions to the "Windows" scope.
And, doing it this way, makes delegating permissions MUCH simpler too...just just have to assign Server Role and Scope Operator permissions to the top level "Windows" scope instead of how I was doing it which was to each individual alerting scope.
Thanks
NK
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP