Restricting UI read access by scope

If you are an unscoped infrastructure administrator, you can restrict the resources a scoped user can see on the UI screen. To restrict read access by scope, select Settings > Appliance > Actions > Edit global settings. In the Edit Global Settings dialog box, select the Restrict user interface read access by scope option. When this option is enabled, a scope-restricted user can see only resources that are in scope on the UI screen.
NOTE:

The Restrict user interface read access by scope option is not a security feature. At times, you might see resources that are not in your scope on the UI screen. This setting does not change the behavior of the REST APIs.

After enabling this option, a scope-restricted user sees the following changes:

  • The scope filter contains only scopes that are in the active permissions of the user. The scope filter does not contain the All resources option.

  • Cannot use links to access resources that are not in scope. The appliance displays an Unable to locate the item you requested error message when a restricted user clicks a link to a resource that is not in scope.

  • The resource counts on the dashboard, activity, and resource screens display only the number of resources that are in scope.

  • Cannot access reports, since reports might contain information about resources that are not in scope.

  • A few resource types such as data centers and racks cannot be assigned to scopes. A restricted user can see such resources on the screen, even though they are not in the scope.

  • If the active permissions of a user include All resources, the user is not scope restricted. An unrestricted user can see all the resources on the UI screen even when the Restrict user interface read access by scope option is enabled.

More information