HPE Community
HPE OneView
1752579 Members
3915 Online
108788 Solutions
New Discussion

Re: "Unable to set remote support." when user is restricted to a scope

 
SOLVED
Go to solution
Sven_Probst
Occasional Advisor

‎02-12-2021 07:12 AM

‎02-12-2021 07:12 AM

"Unable to set remote support." when user is "server firmware administrator" for just one scope

Oneview Version: 5.50.00-0426657

I am unable to set the remote-support-contact for a server, when I have just rights for one scope. Error is "Unable to set remote support". Same role with access to all ressources is able to set. Is this intended or are there more rights to be added to the user?

Best regards

Sven Probst

0 Kudos
Reply
8 REPLIES 8
ChrisLynch
HPE Pro

‎02-12-2021 12:59 PM

‎02-12-2021 12:59 PM

Re: "Unable to set remote support." when user is "server firmware administrator"

In order to set Remote Support configuration, the role needed is Server Administrator.  The Server Firmware Operator can only adjust the associated baseline within the server profile, and change the power state of the server.  Nothing more.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Sven_Probst
Occasional Advisor

‎02-13-2021 08:26 AM

‎02-13-2021 08:26 AM

Re: "Unable to set remote support." when user is "server firmware administrator"

strange.. I actualy can set remote-support with this role, but only if not restricted to a scope. And it also does not work as server-admin restricted to a scope. This behavior changed with the update to HPE Oneview Version 5.30.00-0421400, after this version you can only change remote-support while you have access to all servers. (focus is on the restriction to a scope!)

Best regards

Sven Probst

0 Kudos
Reply
ChrisLynch
HPE Pro

‎02-13-2021 08:32 AM

‎02-13-2021 08:32 AM

Re: "Unable to set remote support." when user is "server firmware administrator"

Then what you saw in older version was a bug and should not have been allowed. Roles have specific permissions. And this role is not suppose to be able to modify remote support settings.

I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Sven_Probst
Occasional Advisor

‎02-13-2021 10:45 AM

‎02-13-2021 10:45 AM

Re: "Unable to set remote support." when user is restricted to a scope

ok, I repeat: I can change the remote support with the role "server firmware admin", according to you this should be a bug. It does not work with any role when this role is restricted to a scope. Our user can add their server to oneview to their assigned scope, the primary contact is assigned by default, they can't change it to their contact data. This can only be done if you have a role with access to all servers. (I changed the subject to the real problem...)

0 Kudos
Reply
ChrisLynch
HPE Pro

‎02-13-2021 11:04 AM

‎02-13-2021 11:04 AM

Re: "Unable to set remote support." when user is restricted to a scope

The fact a user with Firmware Operator can change Remote Support settings when not scoped is a bug.  That is not supposed to be allowed.  Please review this help topic and this help topic on what the various roles allow a user to do. 

On the first link, the Server Firmware Operator is allowed the following operations:

Server firmware operator

  • View managed or monitored resource information.
  • Access the physical servers.
  • Edit, but not create or delete, physical servers.
  • Edits the server hardware, firmware baseline, firmware installation method, and activation schedule values on server profiles.

At the very bottom of the second page is the following statement:

Server firmware operator can only update manageFirmwarefirmwareBaselineforceInstallFirmwarefirmwareInstallTypefirmwareActivationType and serverHardwareUri attributes.

This means that a Firmware Operator cannot change any settings other than firmware settings within the Server Profile, and to be able to change the power state of an associated server hardware resource.

I will raise this internally as a bug to be addressed in a future release of OneView.
 
 
 
 

I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Sven_Probst
Occasional Advisor

‎02-16-2021 12:32 AM

‎02-16-2021 12:32 AM

Re: "Unable to set remote support." when user is restricted to a scope

I double checked that in my installation:

"Server Administrator" restricted to a scope is not able to set remote support contact! This is only possible if the role is not restricted to a scope.

According to you, this should be allowed? Is this part of your bug resport?

0 Kudos
Reply
ChrisLynch
HPE Pro

‎02-16-2021 09:11 AM

‎02-16-2021 09:11 AM

Re: "Unable to set remote support." when user is restricted to a scope

This is a bug within OneView.  You should be allowed to configure Remote Support Settings with the Server Administrator role when the account is scoped to specific server resources.  What is not a bug is the Firmware Operator role, should not be allowed to modify Remote Support settings.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
ChrisLynch
HPE Pro

‎02-17-2021 12:43 PM

‎02-17-2021 12:43 PM

Solution

Re: "Unable to set remote support." when user is restricted to a scope

I am following up here to inform you that the scope bug will be addressed in our next OneView release.  However, what is not fixed is inadvertently allowing Server Firmware Operator role the ability to adjust Remote Support settings, when it is not supposed to.  That is going to be addressed in a future OneView release beyond our next release.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.