From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0b-001b2d01.pphosted.com; envelope-from=jrey@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 48K4Xd1SRHzDqgr for ; Sat, 15 Feb 2020 07:21:36 +1100 (AEDT) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 01EKKYMQ122651 for ; Fri, 14 Feb 2020 15:21:34 -0500 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com with ESMTP id 2y1ucq76g3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Feb 2020 15:21:34 -0500 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 01EKJOdN004353 for ; Fri, 14 Feb 2020 20:21:33 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma01dal.us.ibm.com with ESMTP id 2y5bc0bh4q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Feb 2020 20:21:33 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 01EKLWZx65601940 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 14 Feb 2020 20:21:32 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0CD747805E for ; Fri, 14 Feb 2020 20:21:32 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CC4E17805C for ; Fri, 14 Feb 2020 20:21:31 +0000 (GMT) Received: from demeter.rchland.ibm.com (unknown [9.10.254.252]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTPS for ; Fri, 14 Feb 2020 20:21:31 +0000 (GMT) From: Joseph Reynolds Subject: New Redfish roles for ServiceRep and OemRep To: openbmc Message-ID: Date: Fri, 14 Feb 2020 14:21:30 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-02-14_07:2020-02-14, 2020-02-14 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 bulkscore=0 phishscore=0 impostorscore=0 adultscore=0 lowpriorityscore=0 mlxscore=0 mlxlogscore=626 priorityscore=1501 suspectscore=0 spamscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2001150001 definitions=main-2002140147 X-BeenThere: openbmc@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development list for OpenBMC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Feb 2020 20:21:37 -0000 This is to propose two new Redfish roles: The BMC Administrator should not have access to operations involving the manufacturing process or servicing the host because these operations can damage the system or cause unintended operation. Examples of access needed: 1. ServiceRep - Needs to access BMC operations to service the system, such as re-enabling locked out field replaceable units (FRUs) after replacing a defective unit. 2. OemRep - Needs to access BMC operations to test the host system, such as how the system responds to overheating. I believe these roles are clearly distinct from role=Administrator or any other role. The roles should NOT have access to the BMC's configuration or user management.  For example, the BMC admin will be able to lock out any service agent or OemRep using the regular user management functions. Does anyone else need for these roles?  If so, I will try to get them into Redfish. - Joseph This topic was discussed briefly in the OpenBMC security working group, 2019-11-27: https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI See also: https://github.com/ibm-openbmc/dev/issues/1529