HPE Community
HPE OneView
1834513 Members
2233 Online
110068 Solutions
New Discussion

Minor security bug

 
JayFromIT
Advisor

‎08-05-2019 09:35 AM

‎08-05-2019 09:35 AM

Minor security bug

I noticed if I create a scope for a user who has access to limited amount of servers (say per location), he or she then can click on the data center tab, then click another server from the rack view that he is not authorized to see. Then after that click it takes him to the "server hardware page" then shows the list of servers from the entire infrastructure instead of just the ones he or she is authorized to see. They still don't have access to reboot or shutdown, however now they now have read only access to the entire infrastructure including SSO into the individual ilo boards. 

0 Kudos
Reply
1 REPLY 1
ChrisLynch
HPE Pro

‎08-05-2019 01:59 PM

‎08-05-2019 01:59 PM

Re: Minor security bug

The behavior you have experienced is currently by desight.  Scopes today is not designed for multi-tenant purposes, which is the behavior you are inquiring about.  All users have Read-Only access to resources on the appliance.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.