* bmcweb - Redfish - Fix Privilege
@ 2021-08-11  1:15 Abhishek Patel
  0 siblings, 0 replies; only message in thread
From: Abhishek Patel @ 2021-08-11  1:15 UTC (permalink / raw)
  To: openbmc

Redfish defines a PrivilegeRegistry

This Privilege Registry defines which privilege(s) are needed to access
the URI. There was work here by Ed to have bmcweb automatically use this

The commits below change bmcweb to match the PrivilegeRegistry. They
include two breaking Operator role changes (3 and 4).

1) Fix Log_services privileges
This change allows Admin, Operator, and Readonly users to access
Crashdump data and related entries. Before this change, only an admin
role user could access Crashdump data and related entries (LogService,
LogEntryCollection, and LogEntry). Operator users only had access to log

2) Fix BIOS privileges
This change allows Admin and Operator users to reset BIOS. Before this
change, only an admin role user had that privilege.

*Note:* Changes 1) and 2) above are backward compatible because they
do not restrict any original user from access.

3) Fix certificate_service privileges
This change allows only Admin users to generate CSR certificates and
restricts Operator users.

4) Fix Ethernet privileges
This change allows only Admin users to post, patch, and delete on the VLAN
Network Interface Collection and restricts Operator users. The same goes for the
EthernetInterfaces patch method.

*Note:* Changes 3) and 4) above are *not* *backward compatible* because
they restrict the Operator user's abilities. Does this break anyone? Is
anyone opposed to these changes?

^ permalink raw reply	[flat|nested] only message in thread
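
The compatibility question the message raises (which roles lose access when a route's required privileges change) can be checked mechanically. The following is an added example, not bmcweb code and not part of the original post. The role-to-privilege table is the standard Redfish one; the before/after privilege sets are constructed to mirror items 2) and 3) and are not copied from bmcweb or the DMTF registry.

```cpp
#include <algorithm>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

using PrivSet = std::set<std::string>;
// Access is granted if the role holds every privilege in at least one
// alternative (OR of AND-sets), the model used by a Redfish PrivilegeRegistry.
using Required = std::vector<PrivSet>;

// Standard Redfish role-to-privilege assignments.
const std::map<std::string, PrivSet> kRoles = {
    {"Administrator", PrivSet{"Login", "ConfigureManager", "ConfigureUsers",
                              "ConfigureComponents", "ConfigureSelf"}},
    {"Operator", PrivSet{"Login", "ConfigureComponents", "ConfigureSelf"}},
    {"ReadOnly", PrivSet{"Login", "ConfigureSelf"}},
};

bool allowed(const PrivSet& held, const Required& req) {
    for (const PrivSet& alt : req)  // both sets are sorted, so includes() applies
        if (std::includes(held.begin(), held.end(), alt.begin(), alt.end()))
            return true;
    return false;
}

// Roles that could use the route before the change but cannot after it.
// An empty result means the change is backward compatible.
std::vector<std::string> rolesLosingAccess(const Required& before,
                                           const Required& after) {
    std::vector<std::string> lost;
    for (const auto& entry : kRoles)
        if (allowed(entry.second, before) && !allowed(entry.second, after))
            lost.push_back(entry.first);
    return lost;
}

// Constructed sample requirements (assumptions, not bmcweb's actual values).
const Required kCsrBefore = {PrivSet{"ConfigureComponents"}};   // Admin + Operator
const Required kCsrAfter = {PrivSet{"ConfigureManager"}};       // Admin only
const Required kBiosBefore = {PrivSet{"ConfigureManager"}};     // Admin only
const Required kBiosAfter = {PrivSet{"ConfigureComponents"}};   // Admin + Operator

int main() {
    for (const auto& r : rolesLosingAccess(kCsrBefore, kCsrAfter))
        std::cout << "GenerateCSR: " << r << " loses access\n";
    std::cout << "BIOS reset roles losing access: "
              << rolesLosingAccess(kBiosBefore, kBiosAfter).size() << "\n";
}
```

Running the same comparison over every route and method in a change set gives the list of roles to call out as breaking before merging.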
