* New Redfish roles for ServiceRep and OemRep
@ 2020-02-14 20:21 Joseph Reynolds
  2020-02-17  7:29 ` Thomaiyar, Richard Marian
  0 siblings, 1 reply; 4+ messages in thread
From: Joseph Reynolds @ 2020-02-14 20:21 UTC
  To: openbmc

This is to propose two new Redfish roles:

The BMC Administrator should not have access to operations involving the 
manufacturing process or servicing the host because these operations can 
damage the system or cause unintended operation.

Examples of access needed:
1. ServiceRep - Needs to access BMC operations to service the system, 
such as re-enabling locked out field replaceable units (FRUs) after 
replacing a defective unit.
2. OemRep - Needs to access BMC operations to test the host system, such 
as how the system responds to overheating.

I believe these roles are clearly distinct from role=Administrator or 
any other role.

The roles should NOT have access to the BMC's configuration or user 
management.  For example, the BMC admin will be able to lock out any 
service agent or OemRep using the regular user management functions.

Does anyone else need these roles?  If so, I will try to get them 
into Redfish.


- Joseph

This topic was discussed briefly in the OpenBMC security working group, 
2019-11-27: 
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI

See also: https://github.com/ibm-openbmc/dev/issues/1529
