Scope-based access control implementation process
Determine the role that best aligns with the desired rights
- For each class of users, determine the HPE OneView role that most closely matches the desired privileges. Your goal should be to find the least privileged role that grants the required privileges. The topic "Action privileges for user roles" provides details on the rights granted by each role.
- Determine if the rights granted by the role must be restricted by scope.
- For each class of users, describe the actions the users can perform. Focus on actions that require create, delete or update rights.
- Identify the HPE OneView resource categories the user should be able to manage.
- Consider the actions a user must not be allowed to perform.
HPE OneView main menu | Related role category names |
---|---|
Firmware Bundles | firmware-drivers |
Interconnects | interconnects, sas-interconnects |
Logical Interconnect Groups | logical-interconnect-groups, sas-logical-interconnect-groups |
Logical Interconnects | logical-interconnects, sas-logical-interconnects |
Networks | ethernet-networks, fcoe-networks, fc-networks |
Power Delivery Devices | power-devices |
SAN Managers | fc-device-managers |
SANs | fc-sans |
Settings | appliance |
Users and Groups | users, grouptorolemappings |
Volume Templates | storage-volume-templates |
Volumes | storage-volumes |
A role might need to be excluded from consideration if it grants a user the right to perform an action you do not want to allow. But, do not exclude the role from consideration yet. If the category supports scope, it might be possible to use scope restrictions to prevent the user from performing the action (with the exception of Create).
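The selection procedure above can be worked through as a planning worksheet. This is an added example, not HPE OneView code or its API. The role names, the rights granted to them, and the set of scope-capable categories are constructed assumptions; only the menu-to-category mapping comes from the table on this page.

```python
# Added example with constructed data; role names and rights are hypothetical,
# not HPE OneView's real role definitions.
MENU_TO_CATEGORIES = {  # subset of the table on this page
    "Networks": ["ethernet-networks", "fcoe-networks", "fc-networks"],
    "Volumes": ["storage-volumes"],
    "Settings": ["appliance"],
}
# Assumption: which categories support scope (confirm against the product docs).
SCOPE_CAPABLE = {"ethernet-networks", "fcoe-networks", "fc-networks", "storage-volumes"}

def rights(menu_actions):
    """Expand {menu item: actions} into a set of (category, action) pairs."""
    return {(cat, act) for menu, acts in menu_actions.items()
            for cat in MENU_TO_CATEGORIES[menu] for act in acts}

ROLES = {  # constructed candidate roles
    "net-operator": rights({"Networks": ["Read", "Update"]}),
    "net-admin": rights({"Networks": ["Create", "Read", "Update", "Delete"]}),
    "infra-admin": rights({"Networks": ["Create", "Read", "Update", "Delete"],
                           "Volumes": ["Create", "Read", "Update", "Delete"],
                           "Settings": ["Read", "Update"]}),
}

def evaluate(granted, needed, forbidden):
    """Classify one role: insufficient, exclude, needs-scope, or ok."""
    if not needed <= granted:
        return "insufficient", set()
    unwanted = granted & forbidden
    # Scope can narrow a right only where the category supports scope,
    # and never for Create (the exception the page calls out).
    blockers = {(c, a) for c, a in unwanted
                if c not in SCOPE_CAPABLE or a == "Create"}
    if blockers:
        return "exclude", blockers
    return ("needs-scope" if unwanted else "ok"), unwanted

def least_privileged(needed, forbidden):
    """Return (role, verdict) for the usable role granting the fewest rights."""
    usable = []
    for name, granted in ROLES.items():
        verdict, _ = evaluate(granted, needed, forbidden)
        if verdict in ("ok", "needs-scope"):
            usable.append((len(granted), name, verdict))
    if not usable:
        return None
    _, name, verdict = min(usable)
    return name, verdict
```

A `needs-scope` verdict marks a role that stays in consideration only if a scope restriction is then applied to the listed rights.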