Proposal add PerformService privilege

Joseph Reynolds jrey at
Sat Dec 5 07:11:21 AEDT 2020

This is a proposal to add an OemOpenBMCPerformService privilege to BMCWeb.

As mentioned in the Redfish forum thread, the use case is that some 
OpenBMC use cases require isolating manufacturing and service functions 
away from the customer/admin (including updating FRU serial numbers, and 
updating a permanent MAC address), and this is a Redfish compatible way 
to do it.

The work items would be like:
- Add this OEM privilege to the base BMCWeb implementation.
- Identify URIs that we need to be able to isolate away from 
customer/admins.  Then modify the privilege mapping to require this 
privilege to PUT to those URIs.
- Add this privilege to the Administrator role (but not Operator or 
- Document how to isolate these operations.  Specifically, remove this 
privilege from Administrator, and create a custom OEM role that has this 

What do you think?
- Joseph

More information about the openbmc mailing list