HPE OneView

Minor security bug

 
JayFromIT
Occasional Contributor


I noticed that if I create a scope for a user who has access to a limited number of servers (say, per location), he or she can then click on the data center tab, then click another server from the rack view that he or she is not authorized to see. After that click, it takes him to the "server hardware page", which then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shut down; however, they now have read-only access to the entire infrastructure, including SSO into the individual iLO boards.

ChrisLynchHPE
Neighborhood Moderator

Re: Minor security bug

The behavior you have experienced is currently by design. Scopes today are not designed for multi-tenant purposes, which is the behavior you are inquiring about. All users have Read-Only access to resources on the appliance.

