HPE Community
HPE OneView
1752330 Members
5792 Online
108786 Solutions
New Discussion

Re: Users can view servers outside of scope

 
SOLVED
Go to solution
daax
Occasional Advisor

‎09-09-2019 10:39 AM - last edited on ‎09-15-2019 11:26 PM by

‎09-09-2019 10:39 AM - last edited on ‎09-15-2019 11:26 PM by

Users can view servers outside of scope in HPE OneView

I'd like to isolate users to a certain set of hardware when they log into oneview.

Currently you can (somewhat) do this by assigning an active directory group to a particular scope within the oneveiw appliance. However, I've noticed that doing this only applies a filter when a user logs in to restrict their view to thier assigned scope; If the user clears the filter they then have read only access to all other harware that is connected to the onview appliance. They are able to sso into ilos that are outside of their scop and see settings/usernames of other ilos, which i don't want.

As an example, if i had a oneview appliance with 30 servers connected to it, how could i restrict a user so that they can only see/interact with 10 of the 30 servers without them also haveing read only access to the remaining 20? Is this possible?

0 Kudos
Reply
1 REPLY 1
ChrisLynch
HPE Pro

‎09-09-2019 03:35 PM

‎09-09-2019 03:35 PM

Solution

Re: Users can view servers outside of scope

Today, Scope Based Access Control (SBAC) does not restrict Read-Only access to resources that are not scoped.  Unfortunately, there isn't a way to support what you are trying to implement today.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.