Compute Ops Management Scope Based Access Control (SBAC) - IAM

HPE GreenLake has resource restriction policies that can be used to implement SBAC in Compute Ops Management.

A scope resource is a "type" of resource that Compute Ops Management uses to limit access​.

The scope resource available in Compute Ops Management is saved filters. You can use saved filters to restrict access to servers in Compute Ops Management. When configured, access to the Compute server edit permission is restricted.

Steps to use SBAC

1. In Compute Ops Management, create a saved filter with scope based access control enabled.
   1. API endpoint to create a saved filter
   2. Ensure when creating this that the field for enabling scope based access control is set.
   3. User guide entry for creating a saved filter
2. Configure a resource restriction policy in HPE GreenLake.
   1. Configure the Compute Ops Management scope resource created in the previous step with a resource restriction policy.
   2. HPE GreenLake documentation about creating a resource restriction policy
3. After the previous steps are completed, you can apply the resource restriction policy to a role.