The HPE GreenLake Authorization (AuthZ) service provides a comprehensive framework for managing and controlling access to your HPE GreenLake resources. It is the central authority for determining who can access which resources across the HPE GreenLake Platform, ensuring that only authorized users can perform specific actions on protected resources.
HPE GreenLake's role-based access control (RBAC) implementation consists of four essential elements:
- Permissions: Granular access rights to perform specific operations
- Roles: Collections of permissions that represent job functions or responsibilities
- Scopes: Boundaries that define where permissions apply within your environment
- Assignments: Connections that link users or groups to roles within specific scopes
The Authorization service continuously evaluates access requests against defined policies to determine whether users have the privileges required to access service-owned resources. The evaluation is based on:
- The user's identity and workspace context
- Roles assigned to the user
- The specific scope of the resource being accessed
- The permission required for the requested operation
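A minimal model of the evaluation described above, as an added example that is not HPE GreenLake code and does not use its API. The role names, permission strings, path-style scopes and the prefix-matching rule are assumptions made for illustration; it shows default deny, group-based assignments and why scope matching must respect boundaries.

```python
from dataclasses import dataclass

# Constructed sample data: none of these names come from HPE GreenLake.
ROLES = {  # role -> permissions it bundles
    "device-viewer": {"devices.read"},
    "device-operator": {"devices.read", "devices.update"},
}

@dataclass(frozen=True)
class Assignment:
    subject: str    # user or group the role is granted to
    role: str       # key into ROLES
    scope: str      # boundary within which the role's permissions apply
    workspace: str  # workspace context the assignment belongs to

GROUPS = {"user:bob": {"group:netops"}}  # user -> groups
ASSIGNMENTS = [
    Assignment("group:netops", "device-operator", "/sites/emea", "ws-1"),
    Assignment("user:alice", "device-viewer", "/", "ws-1"),
]

def in_scope(assigned: str, resource: str) -> bool:
    """Assumed rule: a scope covers itself and everything beneath it.

    Matching on 'assigned + "/"' keeps '/sites/emea' from also covering
    '/sites/emea-lab', a common flaw in naive prefix checks.
    """
    base = assigned.rstrip("/")
    return resource == base or resource.startswith(base + "/")

def is_authorized(user: str, workspace: str, permission: str, resource: str) -> bool:
    """Allow only if some assignment matches identity, workspace, scope and permission."""
    subjects = {user} | GROUPS.get(user, set())
    for a in ASSIGNMENTS:
        if (a.workspace == workspace
                and a.subject in subjects
                and in_scope(a.scope, resource)
                and permission in ROLES.get(a.role, set())):
            return True
    return False  # default deny: no matching assignment, no access

if __name__ == "__main__":
    print(is_authorized("user:bob", "ws-1", "devices.update", "/sites/emea/switch-7"))
    print(is_authorized("user:bob", "ws-1", "devices.update", "/sites/emea-lab/switch-1"))
```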
Key benefits:
- Enhanced Security: Implement least-privilege access principles across your environment
- Simplified Administration: Manage access through roles rather than individual permissions
- Operational Efficiency: Align access controls with organizational structures and responsibilities
- Compliance Support: Maintain clear access boundaries and audit trails for governance requirements
To begin working with HPE GreenLake RBAC, see the Authorization Management API Guide for detailed implementation instructions.