20.40. kb-00039: RBAC - Limit Users to Just Poweron and Poweroff IPMI Controls

20.40.1. Knowledge Base Article: kb-00039

20.40.2. Description

This article describes how to create a limited Role whose Claims (rights) permit only the poweron and poweroff actions on Machines. This example can be used as a foundation for understanding how to add additional Roles with different Claims.

20.40.3. Solution

The Role Based Access Control (RBAC) subsystem allows an operator to construct user account permissions that limit how much of the Digital Rebar Provision system a user can affect. Below is an example of how to give the Role named prod-role a Claim that allows only the IPMI poweron and poweroff actions. These permissions are applied to the _specific_ set of _scope_ Machines (in this example, scope is machines and specific is *):

drpcli roles update prod-role '"Claims": [{"action": "action:poweron, action:poweroff", "scope": "machines", "specific": "*"}]'

Now assign this Role to the users whose permissions you want to limit.
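
The whole procedure as one script, from setting the Claim to assigning the Role and printing what was stored for review. This is an added example, not code from the original article or from the Digital Rebar project. It assumes drpcli is already configured with administrator credentials; the user name ops-user and the helper function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: restrict a user to the poweron/poweroff Claim from this article.
# "ops-user" and all function names below are hypothetical.

# Build the Role patch: one Claim on the machines scope.
# $1 = comma-separated action list, $2 = specific selector.
role_claims_json() {
    printf '{"Claims": [{"action": "%s", "scope": "machines", "specific": "%s"}]}' "$1" "$2"
}

# Build the User patch that sets the Roles list to a single Role.
user_roles_json() {
    printf '{"Roles": ["%s"]}' "$1"
}

# Accept only names that cannot break out of the JSON string
# (no quotes, backslashes, spaces, or empty values).
safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = Role name, $2 = user name. Returns 2 on a rejected name,
# 1 if any drpcli call fails, 0 otherwise.
limit_user_to_power() {
    role="$1"; user="$2"
    safe_name "$role" && safe_name "$user" || { echo "rejected name" >&2; return 2; }
    claims=$(role_claims_json "action:poweron, action:poweroff" "*")
    # Create the Role if it does not exist yet, then set its Claims.
    drpcli roles exists "$role" >/dev/null 2>&1 ||
        drpcli roles create "{\"Name\": \"$role\"}" >/dev/null || return 1
    drpcli roles update "$role" "$claims" >/dev/null || return 1
    drpcli users update "$user" "$(user_roles_json "$role")" >/dev/null || return 1
    # Print the stored objects so the Claims and Roles can be reviewed.
    drpcli roles show "$role" && drpcli users show "$user"
}

# Usage: limit_user_to_power prod-role ops-user
```

Check the Roles list in the final output: the user should carry only the limited Role, since any broader Role left on the account still grants its own Claims.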

20.40.4. Additional Information

Additional resources and information related to this Knowledge Base article.

20.40.4.2. Versions

all

20.40.4.3. Keywords

poweron, poweroff, limited scope user, claims, roles, rbac, role based authentication controls

20.40.4.4. Revision Information

KB Article     :  kb-00039
initial release:  Wed Jun 10 12:54:37 PDT 2020
updated release:  Wed Jun 10 12:54:37 PDT 2020