Proposal add PerformService privilege
Joseph Reynolds
jrey at linux.ibm.com
Sat Dec 5 07:11:21 AEDT 2020
This is a proposal to add an OemOpenBMCPerformService privilege to BMCWeb.
See https://redfishforum.com/thread/397/redfish-direction-update-eeproms
As mentioned in the Redfish forum thread, the use case is that some
OpenBMC use cases require isolating manufacturing and service functions
away from the customer/admin (including updating FRU serial numbers, and
updating a permanent MAC address), and this is a Redfish compatible way
to do it.
The work items would be like:
- Add this OEM privilege to the base BMCWeb implementation.
- Identify URIs that we need to be able to isolate away from
customer/admins. Then modify the privilege mapping to require this
privilege to PUT to those URIs.
- Add this privilege to the Administrator role (but not Operator or
ReadOnly).
- Document how to isolate these operations. Specifically, remove this
privilege from Administrator, and create a custom OEM role that has this
privilege.
What do you think?
- Joseph
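
The four work items above, modelled as an added example that is not part of the original post and is not BMCWeb code. It assumes the standard Redfish role-to-privilege assignments and operation-map semantics; the URI and the custom role name are hypothetical placeholders.

```cpp
#include <algorithm>
#include <map>
#include <set>
#include <string>
#include <vector>

using PrivSet = std::set<std::string>;
using Roles = std::map<std::string, PrivSet>;
// Redfish operation-map semantics: the entries listed for a method are OR'ed,
// and the privileges inside one entry are AND'ed.
using Requirement = std::vector<PrivSet>;

const std::string kService = "OemOpenBMCPerformService";  // name from the proposal
const std::string kUri = "/redfish/v1/Example/ServiceOnly";  // hypothetical URI

// Work item 2: PUT to an isolated URI requires the OEM privilege.
const std::map<std::string, std::map<std::string, Requirement>> kPrivilegeMap = {
    {kUri, {{"GET", {PrivSet{"Login"}}}, {"PUT", {PrivSet{kService}}}}}};

// Work item 3: Administrator holds the privilege; Operator and ReadOnly do not.
Roles defaultRoles() {
    return {{"Administrator", {"Login", "ConfigureManager", "ConfigureUsers",
                               "ConfigureSelf", "ConfigureComponents", kService}},
            {"Operator", {"Login", "ConfigureSelf", "ConfigureComponents"}},
            {"ReadOnly", {"Login", "ConfigureSelf"}}};
}

// Work item 4: strip the privilege from Administrator, grant it to a custom OEM role.
Roles isolatedRoles() {
    Roles roles = defaultRoles();
    roles["Administrator"].erase(kService);
    roles["OemExampleServiceRole"] = {"Login", kService};  // hypothetical role name
    return roles;
}

// Fail closed: an unknown role, URI or method is denied.
bool allowed(const Roles& roles, const std::string& role,
             const std::string& uri, const std::string& method) {
    auto r = roles.find(role);
    auto u = kPrivilegeMap.find(uri);
    if (r == roles.end() || u == kPrivilegeMap.end()) return false;
    auto m = u->second.find(method);
    if (m == u->second.end()) return false;
    return std::any_of(m->second.begin(), m->second.end(), [&](const PrivSet& need) {
        return std::includes(r->second.begin(), r->second.end(),
                             need.begin(), need.end());
    });
}

// Exit status 0 when the isolated Administrator is denied PUT.
int main() { return allowed(isolatedRoles(), "Administrator", kUri, "PUT") ? 1 : 0; }
```

With the default roles only Administrator can PUT to the isolated URI; after isolation only the custom OEM role can, while read access is unchanged.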