Post by sunitha on Sept 18, 2020 5:04:26 GMT
The Redfish resources are associated with privileges. With this we can control which client can perform CRUD on which resources by setting the permissions.
Are the events associated with privileges?
While subscribing to events, a user can specify filters based on the ResourceRegistries etc. Can we have a way to set the validation during the subscription, so that we can allow subscribing for a resource only if that client is privileged to view that resource?
Post by ratagupt on Sept 21, 2020 8:21:18 GMT
Mike, Jeff: Looking for your suggestion on the same. Do we need to send the event messages based on the client and resource privileges?
Post by jautor on Sept 23, 2020 2:48:55 GMT
The expectation is that events would be sent to the EventDestination from resources that are accessible by the account that created the subscription. I believe this is mentioned in the specification, but we'll go take a look to make sure that is understood.
Attempting to validate a subscription based on privileges would be problematic - as resources come and go, and privileges can change. There are a lot of ways you can create a "useless subscription" - like creating one for a Message Registry that is never used by the service... I would hope that a client attempting to create a subscription based on a particular resource would have accessed that resource (if only to determine which one it cares about).
I don't know of any way to realistically "validate" a subscription during creation that wouldn't produce false positive/negative results.
Jeff
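The behaviour described in the reply above, checking the subscription owner's access when an event is sent rather than when the subscription is created, sketched as an added example (not code from the thread, the specification or any Redfish implementation). The privilege and role tables are constructed and simplified, and the `owner` and `entity` fields are hypothetical names for "account that created the subscription" and "resource type the event originates from".

```python
# Constructed, simplified tables in the spirit of a Redfish PrivilegeRegistry:
# entity -> alternative privilege sets, any one of which permits GET.
GET_PRIVILEGES = {
    "Chassis": [{"Login"}],
    "ManagerAccount": [{"ConfigureManager"}, {"ConfigureUsers"}],
}
ROLE_PRIVILEGES = {
    "Administrator": {"Login", "ConfigureManager", "ConfigureUsers",
                      "ConfigureComponents", "ConfigureSelf"},
    "ReadOnly": {"Login", "ConfigureSelf"},
}
ACCOUNTS = {"admin": "Administrator", "monitor": "ReadOnly"}  # account -> role

def can_read(account, entity):
    """True if the account's current role satisfies a GET privilege set."""
    held = ROLE_PRIVILEGES.get(ACCOUNTS.get(account), set())  # deleted account -> empty
    alternatives = GET_PRIVILEGES.get(entity)
    if alternatives is None:
        return False  # unknown entity: fail closed
    return any(required <= held for required in alternatives)

def destinations_for(event, subscriptions):
    """Return the destinations that should receive this event right now."""
    selected = []
    for sub in subscriptions:
        wanted = sub.get("ResourceTypes")  # an empty filter matches everything
        if wanted and event["entity"] not in wanted:
            continue
        # Evaluated per event, so role changes and new resources need no
        # re-validation of subscriptions that already exist.
        if can_read(sub["owner"], event["entity"]):
            selected.append(sub["Destination"])
    return selected

# Constructed sample subscriptions and event.
SAMPLE_SUBS = [
    {"owner": "admin", "Destination": "https://a.example/events", "ResourceTypes": []},
    {"owner": "monitor", "Destination": "https://m.example/events", "ResourceTypes": []},
]
SAMPLE_EVENT = {"entity": "ManagerAccount", "MessageId": "constructed.1.0.Sample"}

if __name__ == "__main__":
    print(destinations_for(SAMPLE_EVENT, SAMPLE_SUBS))
```

The `monitor` subscription is accepted at creation and simply receives nothing for resources its owner cannot read; if that account's role is later raised, delivery starts without touching the subscription.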