HPE OneView

Minor security bug


I noticed that if I create a scope for a user who has access to a limited number of servers (say, per location), he or she can then click on the data center tab, then click another server from the rack view that he or she is not authorized to see. After that click, it takes him or her to the "server hardware page" and then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shut down; however, they now have read-only access to the entire infrastructure, including SSO into the individual iLO boards.


Re: Minor security bug

The behavior you have experienced is currently by design. Scopes today are not designed for multi-tenant purposes, which is the behavior you are inquiring about. All users have Read-Only access to resources on the appliance.

I am an HPE employee
