Post by AMI_archerwen on Apr 13, 2023 2:56:08 GMT
Here is the "ActionInfo" privilege defined under the "Redfish_1.3.0_PrivilegeRegistry.json".
But like below, there are so many "ActionInfo" under different resources.
Are those privileges all are need to map from "ActionInfo"?
Could we map the privilege from the parent uri?
For /redfish/v1/Systems/Self/Boot/Certificates/1/Certificate.RekeyActionInfo, map the privilege from "Certificate" entity, and it have "SubordinateOverrides" defined for "ComputerSystem" target.
Post by mraineri on Apr 13, 2023 12:19:05 GMT
It's entirely up to you; you're free to modify the registry as you need to for your implementation.
But at least in terms of why it's published that way, the rationale is that a ReadOnly user can perform GET and HEAD operations on the resource (like they can with every other resource), and only an administrator can modify the contents of this particular resource.
Two things to keep in mind. First, this resource itself does not perform actions; it's simply a descriptor of what the service is able to accept for action parameter, and since it controls what the service supports, that's why the modification operations are mapped to ConfigureManager. Second, the standard currently does not even allow modifications to this resource, but out of sake of consistency, we map privileges to every HTTP operation in case we decide to change the supported methods on the resource in the future.