New Redfish roles for ServiceRep and OemRep

Joseph Reynolds jrey at
Sat Feb 15 07:21:30 AEDT 2020

This is to propose two new Redfish roles:

The BMC Administrator should not have access to operations involving the 
manufacturing process or servicing the host because these operations can 
damage the system or cause unintended operation.

Examples of access needed:
1. ServiceRep - Needs to access BMC operations to service the system, 
such as re-enabling locked out field replaceable units (FRUs) after 
replacing a defective unit.
2. OemRep - Needs to access BMC operations to test the host system, such 
as how the system responds to overheating.

I believe these roles are clearly distinct from role=Administrator or 
any other role.

The roles should NOT have access to the BMC's configuration or user 
management.  For example, the BMC admin will be able to lock out any 
service agent or OemRep using the regular user management functions.

Does anyone else need for these roles?  If so, I will try to get them 
into Redfish.

- Joseph

This topic was discussed briefly in the OpenBMC security working group, 

See also:

More information about the openbmc mailing list