About scope-based access control

HPE OneView uses a role-based access control (RBAC) mechanism to define privileges and control user access. Under RBAC, the access rights defined by the role apply to all resources in a resource category. Scope-based access control (SBAC) is an extension of the RBAC mechanism that allows you to restrict the rights granted by a role to a subset of resources.

You can use scope-based access control to grant privileges to users or directory groups in the form of permissions. A permission consists of a role and an optional scope. Roles grant access rights to perform actions (create, read, update, delete or use) on all resources in a resource category. A resource can be assigned to zero or more scopes in order to restrict operations that can be performed on it. When specified as part of a permission, a scope further restricts the rights granted by the role to a subset of resources. You can assign multiple permissions to a user or a directory group.

More information

About scopes

Scope-based access control authorization semantics

Scope-based access control facts

Scope-based access control implementation process