- Community Home
- >
- Software
- >
- HPE OneView
- >
- Limit SSO permissions
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2019 12:55 PM
12-18-2019 12:55 PM
Is there a way to limit the SSO permissions I am granted to an ILO? I have two main scopes, Linux and Windows. I only have the default READ ONLY permissions to the Linux scope. However, if I browse that scope and click on the "iLO Host Name" link for the iLO on a server in that scope, the SSO takes me into that iLO automatically and I now have FULL admin rights to that ILO - which means I can now shut down that Linux server via the iLO. If I were to try to login normally to that iLO using the web interface, I would have NO access and not even be able to login. Yet, SSO gives me full access now.
Suggestions?
Thanks
NK
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2019 10:25 AM
12-19-2019 10:25 AM
Re: Limit SSO permissions
Can you share what version of HPE OneView you have in your environment? Does your user account have access to other scopes or even higher priviledge roles, like Infrastructure Administrator?
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2019 02:09 PM
12-19-2019 02:09 PM
Re: Limit SSO permissions
Hi. I see Chris asked you for the OneView version.
I'm very interested to see that, because what you are seeing should not happen.
A few thinigs to note:
- First, even a read only user will be able to SSO to the iLO, but they should get logged in as an iLO read-only user, which means you can look around, but you definitely should not be ale to shut down the server. I just want to make sure you're not accidentally thinking that just because you were logged in, you can do all those things.
- Assuming you really did log in as an admin user on the iLO, I would first suggest that you very carefully check your roles and scopes. It's easy to have a user with multiple role or scopes and have the combination lead to more access that you originally anticipated. Maybe verify that you're a OneView read-only user by trying to power off or reset the server before you connect to the iLO. If OneView lets you power off a server, that means we think you have admin access.
- We enhanced this functionality in an upcoming release where we also understand the "operator" role. So now there are three levels of iLO login based on your OneView role.
Thanks, and let us know what you found out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2019 07:40 AM
12-23-2019 07:40 AM
SolutionThanks for the comments.
LOL - I logged in again, to the test Linux iLO, to capture some screen shots and now it shows the correct permissions.
I swear I checked all this and I had full admin permisons (when looking at the "Sessions" tab in the ilo, the current session shows all the permissions assigned at the far right in columsn). But maybe I originally saw the "X's" and "checkmarks" - or maybe I just need a vacation.
Anyways...thanks. Everything looks good now.
Nelson