HPE OneView

Users can view servers outside of scope in HPE OneView

Go to solution
Occasional Contributor

Users can view servers outside of scope in HPE OneView

I'd like to isolate users to a certain set of hardware when they log into oneview.

Currently you can (somewhat) do this by assigning an active directory group to a particular scope within the oneveiw appliance. However, I've noticed that doing this only applies a filter when a user logs in to restrict their view to thier assigned scope; If the user clears the filter they then have read only access to all other harware that is connected to the onview appliance. They are able to sso into ilos that are outside of their scop and see settings/usernames of other ilos, which i don't want.

As an example, if i had a oneview appliance with 30 servers connected to it, how could i restrict a user so that they can only see/interact with 10 of the 30 servers without them also haveing read only access to the remaining 20? Is this possible?


Re: Users can view servers outside of scope

Today, Scope Based Access Control (SBAC) does not restrict Read-Only access to resources that are not scoped.  Unfortunately, there isn't a way to support what you are trying to implement today.

I am an HPE employee

Accept or Kudo