diff options
author | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | 2020-03-29 01:56:06 +0300 |
---|---|---|
committer | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | 2020-03-29 15:17:28 +0300 |
commit | 1b1b43f20a1f52d014f6435232c19c1d9c8fa337 (patch) | |
tree | f7611a86d1e0b86706be51c42ae0d0f7690577c0 /redfish-core/lib/thermal.hpp | |
parent | 12c7f4388b58a974265827ab62d3981ba98ed8f2 (diff) | |
download | bmcweb-1b1b43f20a1f52d014f6435232c19c1d9c8fa337.tar.xz |
Sensor override allow only by Admin priv user
Issue: As per https://redfish.dmtf.org/registries/
Redfish_1.0.4_PrivilegeRegistry.json patch method for
Thermal & Power must be allowed for ConfigureManager only
Fix: So restrict only Admin privilege user can override sensor values
from Redfish.
Tested:
1. Redfish validator - passed for this new change
2. Patch sensor values from Redfish for Thermal using Admin privilege
user
Redfish URI:
PATCH https://<BMC-IP>/redfish/v1/Chassis/WC_Baseboard/Thermal
Body:
{
"Temperatures": [
{
"MemberId": "SSB_Temp",
"ReadingCelsius":112
}
]
}
Response:
{
"@odata.id": "/redfish/v1/Chassis/WC_Baseboard/Thermal",
"@odata.type": "#Thermal.v1_4_0.Thermal",
"Fans": [],
"Id": "Thermal",
"Name": "Thermal",
"Temperatures": []
}
3. Sensor value Overridden successfully when Authorized by admin privilege user
4. Verified by operator privilege user. Not successful.
Response : Forbidden.
5. Verified for Power sensor values and allowed only by admin privilege user.
6. Verified for manufacturing mode, Validation unsecure mode and
non-manufacturing mode.
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I9a089a9341d12beac9625f1877e1ab047f5d6f46
Diffstat (limited to 'redfish-core/lib/thermal.hpp')
-rw-r--r-- | redfish-core/lib/thermal.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/redfish-core/lib/thermal.hpp b/redfish-core/lib/thermal.hpp index 28b11a5d26..2126f85bbc 100644 --- a/redfish-core/lib/thermal.hpp +++ b/redfish-core/lib/thermal.hpp @@ -30,7 +30,7 @@ class Thermal : public Node entityPrivileges = { {boost::beast::http::verb::get, {{"Login"}}}, {boost::beast::http::verb::head, {{"Login"}}}, - {boost::beast::http::verb::patch, {{"ConfigureComponents"}}}, + {boost::beast::http::verb::patch, {{"ConfigureManager"}}}, {boost::beast::http::verb::put, {{"ConfigureManager"}}}, {boost::beast::http::verb::delete_, {{"ConfigureManager"}}}, {boost::beast::http::verb::post, {{"ConfigureManager"}}}}; |