HPE Community
HPE Morpheus Enterprise
1829596 Members
2185 Online
109992 Solutions
New Discussion

Group‑Level Dependency for “Instances” Field in Forms to Prevent Unauthorized Visibility

 
Not applicable

‎05-02-2025 03:14 AM

‎05-02-2025 03:14 AM

Group‑Level Dependency for “Instances” Field in Forms to Prevent Unauthorized Visibility

Hello Morpheus Support Team,

in our environment we are using Forms → Type: Instances to let users select an existing instance as part of a workflow Catalog Item. Currently, the dependent fields for the Instances selector appear to be limited to Cloud only.

  • When a user chooses a cloud, the Instances drop‑down lists all instances in that cloud, even those the user cannot actually access (because they belong to other Groups).
  • This inadvertently exposes instance names and details that the user should not see.

For our use‑case it would be far more secure and intuitive if the Group could also be configured as a dependency, so that the Instances list is filtered to the requester’s own scope.

Questions

  1. Does Morpheus currently support adding Group as a dependency for the Instances form field, and I might just be overlooking it?
  2. If not, is this enhancement already on the roadmap, and could you share any timeline or workaround?
  3. In the meantime, is there a recommended best‑practice to restrict the Instances list so users cannot view instances outside their permitted Groups?

Thank you for your help! If you need any further information about our setup, I will gladly provide it.

Best regards,
Marvin

0 Kudos
Reply
1 REPLY 1
Ollie-Phillips
Regular Advisor

‎05-13-2025 01:34 AM

‎05-13-2025 01:34 AM

Re: Group‑Level Dependency for “Instances” Field in Forms to Prevent Unauthorized Visibility

Had a quick look at this. I can’t decide if this is a bug or not. I suspect the instances control should be made to respect group ownership but that would require the ability to link group as dependent field - an option which as you say is not there so maybe it is not a bug.

Perhaps add as an idea in this forum?

A work around would be to use the API to build a REST option list, and use a translation script or request script to include only instances which match the group and cloud id selected in the two previous controls. That would work.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.