HPE OneView

Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

 
Marcos Olmos
HPE Pro


Hello.

I am testing SBAC functionality on a successfully-upgraded OneView 4.0 system.

 

Page 78 of HPE OneView 4.0 User Guide states:

When scopes are defined and resources assigned to them, you can:
• Restrict the resources displayed in the user interface (UI) to those assigned to the scope.

 

I think that sentence is not completely true. When the user logs in, the displayed information is filtered by "All resources in scope". However, the user is able to change the filter to "All resources", gaining visibility of them. Of course, the user cannot operate/manage them, but there is no restriction to display resources not assigned to the scope.

Is this the expected behaviour? Am I missing anything in SBAC configuration?

 

Regards,

RR33
HPE Pro

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

This looks to be more of an individual perception on interpreting what is written in the user guide.

What is seen is as per design only unless it has any functional impacts on the environment.

I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
ChrisLynch
HPE Pro

Re: Does Scope Based Access Control (OV 4.0) really restrict resource visibility?

SBAC is used for delegation of administration, not for multi-tenancy. The All Resources In Scope is a way to mimic the behavior of multi-tenancy. But as you saw, it doesn't stop anyone from changing it to All Resources. And doing that does NOT mean one has Use rights. This is called out in the User Guide.

I am an HPE employee
