HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

 
Marcos Olmos
HPE Pro

Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

Hello.

I am testing SCBA functionality on a successfully-upgraded OneView 4.0 system.

 

Page 78 of HPE OneView 4.0 User Guide states:

When scopes are defined and resources assigned to them, you can:
• Restrict the resources displayed in the user interface (UI) to those assigned to the scope.

 

I think that sentence is not completely true. When the user logs in, the displayed information is filtered by "All resources in scope". However, the user is able to change the filter to "All resources", gaining visibility of them. Of course, the user cannot operate/manage them, but there is no restriction to display resources not assigned to the scope.

Is this the expected behaviour? Am I missing anything in SBAC configuration?

 

Regards,

Accept or Kudo

2 REPLIES
RR33
HPE Pro

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

This looks to be more of an individual perception on interpreting what is written in the user guide.

What is seen is as per design only unless it has any functional impacts on the environment.

I´m a volunteer in the HPE Forum.
Accept or Kudo

ChrisLynchHPE
Neighborhood Moderator

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

SBAC is used for delegation of administration, not for multi-tenancy. The All Resources In Scope is a way to mimic the behavior of multi-tenancy. But as you saw, it doesn't stop anyone from changing it to All Resources. And doing that does NOT mean one has Use rights. This is called out in the User Guide.

Accept or Kudo