Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Marcos Olmos · ‎01-30-2018

Hello.

I am testing SCBA functionality on a successfully-upgraded OneView 4.0 system.

Page 78 of HPE OneView 4.0 User Guide states:

When scopes are defined and resources assigned to them, you can:
• Restrict the resources displayed in the user interface (UI) to those assigned to the scope.

I think that sentence is not completely true. When the user logs in, the displayed information is filtered by "All resources in scope". However, the user is able to change the filter to "All resources", gaining visibility of them. Of course, the user cannot operate/manage them, but there is no restriction to display resources not assigned to the scope.

Is this the expected behaviour? Am I missing anything in SBAC configuration?

Regards,

RR33 · ‎01-30-2018

This looks to be more of an individual perception on interpreting what is written in the user guide.

What is seen is as per design only unless it has any functional impacts on the environment.

I´m a volunteer in the HPE Forum.

ChrisLynch · ‎01-30-2018

SBAC is used for delegation of administration, not for multi-tenancy. The All Resources In Scope is a way to mimic the behavior of multi-tenancy. But as you saw, it doesn't stop anyone from changing it to All Resources. And doing that does NOT mean one has Use rights. This is called out in the User Guide.

I am an HPE employee

Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Hewlett Packard Enterprise International