Compute Ops Management Scope Based Access Control (SBAC) - Enhanced IAM

HPE GreenLake has scope groups that can be used to implement SBAC in Compute Ops Management.

A scope resource is a "type" of resource that Compute Ops Management uses to limit access​.

The scope resource available in Compute Ops Management is saved filters. You can use saved filters to restrict access to servers in Compute Ops Management. When configured, access to the compute.server.edit permission is restricted.

Steps to use SBAC

1. In Compute Ops Management, create a saved filter with scope based access control enabled.
   1. API endpoint to create a saved filter
   2. Ensure when creating this that the field for enabling scope based access control is set.
   3. User guide entry for creating a saved filter
2. In HPE GreenLake, configure a scope group.
   1. Configure the Compute Ops Management scope resource created in the previous step with a scope group.
   2. HPE GreenLake documentation about creating a scope group
3. After the previous steps are completed, you can apply the resource restriction policy to a role.