Some question about privilege mapping

Some question about privilege mapping May 21, 2021 9:20:55 GMT

Quote

Post by siaoleio on May 21, 2021 9:20:55 GMT

Hello,

      I have two questions about privilege mapping:

      1. Question 1: For the Chassis resource, I wish the person who has the "PowerControl" privilege can do the "/v1/Chassis/{ChassisId}/Actions/Chassis.Reset" action, and I wish the person who has the "ConfigureComponents" privilege can do the "/v1/Chassis/{ChassisId}/Actions/Oem/UID" action.

          I learned that redfish has three kinds of privilege mapping override: "Property override", "Subordinate override" and "URI override". Perhaps I should use the property override here, it seems like

{
	"PropertyOverrides": [
		{
			"Targets": [
				"Actions.Reset"
			],
			"OperationMap": {
				"POST": [
					{
						"Privilege": [
							"PowerControl"
						]
					}
				]
			}
		},

		{

			"Targets": [

				"Actions.Oem.UID"

			],

			"OperationMap": {

				"POST": [

					{

						"Privilege": [

							"ConfigureComponents"

						]

					}

				]

			}

		}
	]
}

Is this type of property with a hierarchical structure legal? Such as "Actions.Reset" and "Actions.Oem.UID".

2.Question 2: Can regular expressions be used in URI overloading？

{
	"ResourceURIOverrides": [
		{
			"Targets": [
				"/redfish/v1/Systems/VM([[:alnum:]])"
			],
			"OperationMap": {
				"GET": [
					{
						"Privilege": [
							"Login"
						]
					}
				],
				"PATCH": [
					{
						"Privilege": [
							"ConfigureComponents",
							"OEMSysAdminPriv"
						]
					}
				]
			}
		}
	]
}

For example, here I want the systems whoes name start with "VM" has a new access rule.

Thank you for your reply.
With kindest regards.

Post by siaoleio on May 21, 2021 9:20:55 GMT

Post by mraineri on May 26, 2021 14:16:42 GMT