/openbmc/openbmc-test-automation/gui/test/access_control/ |
H A D | test_obmc_gui_local_users.robot | 22 ${xpath_select_privilege} //select[@id="privilege"] 33 Page should contain View privilege role descriptions 89 [Arguments] ${username} ${password} ${privilege}=Administrator 95 # privilege User privilege. 99 Add User Details ${username} ${password} ${privilege} ${account_status} 103 [Arguments] ${username} ${password} ${privilege} ${account_status} 108 # privilege User privilege. 117 Select User Privilege ${privilege} 121 [Documentation] Select user privilege. 122 [Arguments] ${privilege}=Administrator [all …]
|
/openbmc/openbmc-test-automation/redfish/account_service/ |
H A D | test_ipmi_redfish_user.robot | 72 [Documentation] Update user privilege via Redfish and verify using IPMI. 75 # Create user using Redfish with admin privilege. 85 # Update user privilege to operator using Redfish. 89 # Verify new user privilege level via IPMI. 166 [Documentation] Update user privilege to operator via IPMI and verify using Redfish. 168 # Create user using IPMI with admin privilege. 172 # Change user privilege to opetrator using IPMI. 176 # Verify new user privilege level via Redfish. 177 ${privilege}= Redfish_Utils.Get Attribute 179 Should Be Equal ${privilege} Operator [all …]
|
H A D | test_ldap_configuration.robot | 149 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot. 156 # With LDAP user and with right privilege trying to do BMC reboot. 163 [Documentation] Verify that LDAP user with operator privilege can do host 172 # Verify that the LDAP user with operator privilege is able to power the system off. 211 [Documentation] Verify that LDAP user with read privilege able to 221 [Documentation] Verify that LDAP user with read privilege should not be 304 ... privilege. 313 [Documentation] Verify that LDAP user authorization with wrong privilege 404 [Documentation] Verify that LDAP group name and group privilege able to 447 # Verify LDAP user with ReadOnly privilege not able to do host poweroff. [all …]
|
/openbmc/phosphor-net-ipmid/ |
H A D | command_table.hpp | 56 session::Privilege privilege; member 117 Entry(CommandID command, session::Privilege privilege) : in Entry() argument 118 command(command), privilege(privilege) in Entry() 142 return privilege; in getPrivilege() 155 session::Privilege privilege; member in command::Entry 173 session::Privilege privilege, bool sessionless) : in NetIpmidEntry() argument 174 Entry(command, privilege), functor(functor), sessionless(sessionless) in NetIpmidEntry()
|
/openbmc/phosphor-user-manager/phosphor-ldap-config/ |
H A D | ldap_mapper_entry.cpp | 18 const std::string& privilege, Config& parent) : in LDAPMapperEntry() argument 23 Interfaces::privilege(privilege, true); in LDAPMapperEntry() 53 std::string LDAPMapperEntry::privilege(std::string value) in privilege() function in phosphor::ldap::LDAPMapperEntry 55 if (value == Interfaces::privilege()) in privilege() 61 auto val = Interfaces::privilege(value); in privilege()
|
H A D | ldap_mapper_serialize.cpp | 33 archive(entry.groupName(), entry.privilege()); in save() 49 std::string privilege{}; in load() local 51 archive(groupName, privilege); in load() 56 privilege(privilege, true); in load()
|
H A D | ldap_mapper_entry.hpp | 49 const std::string& privilege, Config& parent); 81 std::string privilege(std::string value) override; 84 privilege;
|
/openbmc/bmcweb/redfish-core/include/ |
H A D | privileges.hpp | 85 for (const char* privilege : privilegeList) in Privileges() local 87 if (!setSinglePrivilege(privilege)) in Privileges() 90 privilege); in Privileges() 103 bool setSinglePrivilege(std::string_view privilege) in setSinglePrivilege() argument 108 if (privilege == privilegeNames[searchIndex]) in setSinglePrivilege() 126 bool resetSinglePrivilege(const char* privilege) in resetSinglePrivilege() argument 131 if (privilege == privilegeNames[searchIndex]) in resetSinglePrivilege()
|
/openbmc/webui-vue/src/views/SecurityAndAccess/UserManagement/ |
H A D | ModalUser.vue | 102 :label="$t('pageUserManagement.modal.privilege')" 103 label-for="privilege" 106 id="privilege" 107 v-model="form.privilege" 109 data-test-id="userManagement-select-privilege" 110 :state="getValidationState(v$.form.privilege)" 112 @input="v$.form.privilege.$touch()" 121 <template v-if="v$.form.privilege.required.$invalid"> 271 privilege: null, 299 this.form.privilege = value.privilege; [all …]
|
/openbmc/openbmc-test-automation/openpower/localuser/ |
H A D | test_ipmi_redfish_user.robot | 26 [Documentation] Create user using IPMI without privilege and verify user privilege 36 # Verify new user privilege level via Redfish. 37 ${privilege}= Redfish_Utils.Get Attribute 39 Valid Value privilege ['ReadOnly'] 123 [Documentation] Update user privilege via Redfish and verify using IPMI. 126 # Create user using Redfish with admin privilege. 142 # Update user privilege to readonly using Redfish. 146 # Verify new user privilege level via IPMI. 166 [Documentation] Create random IPMI user with given password and privilege 168 [Arguments] ${password} ${privilege}=0 [all …]
|
/openbmc/openbmc-test-automation/ipmi/ |
H A D | test_ipmi_user.robot | 75 # Set admin privilege and enable IPMI messaging for newly created user. 76 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv} 199 # Set admin privilege and enable IPMI messaging for newly created user 200 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv} 252 [Documentation] Verify IPMI user with user privilege can only run user level commands. 263 …[Documentation] Verify IPMI user with operator privilege can only run user and operator levels co… 275 [Documentation] Verify IPMI user with admin privilege can run all levels command. 297 # Set admin privilege and enable IPMI messaging for newly created user. 298 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv} 300 # Delay added for user privilege to get set. [all …]
|
/openbmc/openbmc-tools/openbmctool/ |
H A D | README.md | 202 ### Add privilege mapping 205 openbmctool.py <connection options> ldap privilege-mapper create --groupName=<groupName> --privileg… 208 ### Delete privilege mapping 211 openbmctool.py <connection options> ldap privilege-mapper delete --groupName=<groupName> 214 ### List privilege mapping 217 openbmctool.py <connection options> ldap privilege-mapper list 225 - Configure user privilege. 230 privilege mapping for the LDAP credentials then the user will get the following 233 403, 'LDAP group privilege mapping does not exist'. 235 Action: Add the privilege (refer to the section "Add privilege mapping") [all …]
|
/openbmc/linux/arch/powerpc/boot/dts/ |
H A D | microwatt.dts | 44 usable-privilege = <2>; 49 usable-privilege = <3>; 55 usable-privilege = <2>; 60 usable-privilege = <3>; 65 usable-privilege = <2>; 71 usable-privilege = <3>;
|
/openbmc/linux/Documentation/devicetree/bindings/powerpc/ |
H A D | ibm,powerpc-cpu-features.txt | 13 enablement, privilege, and compatibility metadata. 94 - usable-privilege 104 This property describes the privilege levels and/or software components 118 This property describes the HV privilege support required to enable the 119 feature to lesser privilege levels. If the property does not exist then no 137 This property describes the OS privilege support required to enable the 138 feature to lesser privilege levels. If the property does not exist then no 179 This property may exist when the usable-privilege property value has PR bit set. 213 usable-privilege = <1 | 2 | 4>; 219 usable-privilege = <1 | 2>; [all …]
|
/openbmc/bmcweb/http/routing/ |
H A D | ruleparametertraits.hpp | 89 for (const std::initializer_list<const char*>& privilege : p) in privileges() local 91 self->privilegesSet.emplace_back(privilege); in privileges() 100 for (const redfish::Privileges& privilege : p) in privileges() local 102 self->privilegesSet.emplace_back(privilege); in privileges()
|
/openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/ |
H A D | test_user_management_sub_menu.robot | 25 ${xpath_privilege_list_button} //*[@data-test-id='userManagement-select-privilege'] 56 Page should contain View privilege role descriptions 108 [Documentation] Create a new user with a privilege and verify that user is created. 120 [Documentation] Create users with different access privilege 160 # Get random username and user privilege level. 172 …[Documentation] Modify user privilege of existing user via GUI and verify the changes using Redfi… 176 # Get random username and user privilege level. 183 # Get user privilege role details distinct from the current ones. 184 FOR ${privilege} IN @{list_user_privilege} 185 IF '${privilege}' != '${privilege_level}' [all …]
|
/openbmc/linux/arch/arm64/include/asm/ |
H A D | hw_breakpoint.h | 17 privilege : 2, member 35 u32 val = (ctrl.len << 5) | (ctrl.type << 3) | (ctrl.privilege << 1) | in encode_ctrl_reg() 38 if (is_kernel_in_hyp_mode() && ctrl.privilege == AARCH64_BREAKPOINT_EL1) in encode_ctrl_reg() 49 ctrl->privilege = reg & 0x3; in decode_ctrl_reg()
|
/openbmc/linux/arch/arm64/kernel/ |
H A D | hw_breakpoint.c | 140 static enum dbg_active_el debug_exception_level(int privilege) in debug_exception_level() argument 142 switch (privilege) { in debug_exception_level() 148 pr_warn("invalid breakpoint privilege level %d\n", privilege); in debug_exception_level() 229 enum dbg_active_el dbg_el = debug_exception_level(info->ctrl.privilege); in hw_breakpoint_control() 494 hw->ctrl.privilege = AARCH64_BREAKPOINT_EL1; in arch_build_bp_info() 496 hw->ctrl.privilege = AARCH64_BREAKPOINT_EL0; in arch_build_bp_info() 569 if (hw->ctrl.privilege == AARCH64_BREAKPOINT_EL1 && bp->hw.target) in hw_breakpoint_arch_parse() 582 int i, max_slots, privilege; in toggle_bp_registers() local 603 privilege = counter_arch_bp(slots[i])->ctrl.privilege; in toggle_bp_registers() 604 if (debug_exception_level(privilege) != el) in toggle_bp_registers() [all …]
|
/openbmc/linux/arch/arm/include/asm/ |
H A D | hw_breakpoint.h | 17 privilege : 2, 31 (ctrl.privilege << 1) | ctrl.enabled; in encode_ctrl_reg() 39 ctrl->privilege = reg & 0x3; in decode_ctrl_reg()
|
/openbmc/docs/architecture/ |
H A D | user-management.md | 58 OpenBMC supports privilege roles which are common across all the supported 59 groups (i.e. User will have same privilege for REDFISH / Webserver / IPMI / SSH 60 / HostConsole). User can belong to any one of the following privilege roles at 71 | 4 | no-access | Users having empty or no privilege will be reported as no-access, from… 93 …*********|********************| V ^ || allowed privilege on || 429 |privilege as the privilege | 451 the OpenBMC privilege roles. The preferred way is to group LDAP user accounts 452 into LDAP groups. D-Bus API is provided for the user to assign privilege role to 457 This section explains how the privilege roles of the user accounts are consumed 458 by the webserver interface. The privilege role is a property of the user D-Bus [all …]
|
H A D | ipmi-architecture.md | 61 "privilege": enum:privilege - ADMIN, USER, OPERATOR, CALLBACK; 62 must be less than or equal to the privilege of the user and less 63 than or equal to the max privilege of this channel 75 credentials and determining the maximum privilege available for this session. 95 For session-less channels (like BT, KCS, and IPMB), the only privilege check 96 will be to see that the requested privilege is less than or equal to the 97 channel's maximum privilege. If the channel has a session and authenticates 98 users, the privilege must be less than or equal to the channel's maximum 99 privilege and the user's maximum privilege. 102 function. If the requested privilege is less than or equal to the required [all …]
|
/openbmc/phosphor-host-ipmid/user_channel/ |
H A D | user_layer.cpp | 153 privAccess.privilege = userInfo->userPrivAccess[chNum].privilege; in ipmiUserGetPrivilegeAccess() 166 userPrivAccess.privilege = privAccess.privilege; in ipmiUserSetPrivilegeAccess()
|
H A D | user_mgmt.cpp | 258 .privilege != userPriv) in userUpdateHelper() 265 .privilege = userPriv; in userUpdateHelper() 910 static_cast<CommandPrivilege>(privAccess.privilege)); in setUserPrivilegeAccess() 913 privAccess.privilege != userInfo->userPrivAccess[syncIndex].privilege) in setUserPrivilegeAccess() 921 userInfo->userPrivAccess[chNum].privilege = privAccess.privilege; in setUserPrivilegeAccess() 1071 userInfo->userPrivAccess[chIndex].privilege = in setUserName() 1257 std::vector<std::string> privilege = in readUserData() local 1307 if (privilege.size() != ipmiMaxChannels || in readUserData() 1319 usersTbl.user[usrIndex].userPrivAccess[chIndex].privilege = in readUserData() 1321 convertToIPMIPrivilege(privilege[chIndex])); in readUserData() [all …]
|
/openbmc/webui-vue/src/store/modules/SecurityAndAccess/ |
H A D | UserManagementStore.js | 115 async createUser({ dispatch }, { username, password, privilege, status }) { 119 RoleId: privilege, 143 { originalUsername, username, password, privilege, status, locked }, 148 if (privilege) data.RoleId = privilege;
|
/openbmc/docs/designs/ |
H A D | redfish-authorization.md | 21 The Redfish authorization model consists of the privilege model and the 22 operation-to-privilege mapping. 24 In the privilege model, there are fixed set of standard Redfish roles and each 30 The operation-to-privilege mapping is defined for every resource type and 35 official registry collection as a base operation-to-privilege mapping. It also 42 resource only requires the `Login` privilege. On the other hand, the same peer 44 POST operation on certificates requires `ConfigureManager` privilege that the 53 1. https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#privilege-model 54 2. https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#redfish-service-operation-to-privilege-mapp… 137 5. the operation-to-privilege mapping [all …]
|