HPE Community
HPE OneView
1753835 Members
7466 Online
108806 Solutions
New Discussion

Re: Minor security bug

 
JayFromIT
Advisor

‎08-05-2019 09:35 AM

‎08-05-2019 09:35 AM

Minor security bug

I noticed if I create a scope for a user who has access to limited amount of servers (say per location), he or she then can click on the data center tab, then click another server from the rack view that he is not authorized to see. Then after that click it takes him to the "server hardware page" then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shutdown, however now they now have read only access to the entire infrastructure including SSO into the individual ilo boards. 

0 Kudos
Reply
1 REPLY 1
ChrisLynch
HPE Pro

‎08-05-2019 01:59 PM

‎08-05-2019 01:59 PM

Re: Minor security bug

The behavior you have experienced is currently by desight.  Scopes today is not designed for multi-tenant purposes, which is the behavior you are inquiring about.  All users have Read-Only access to resources on the appliance.


I am an HPE employee

Accept or Kudo

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.