Sensor override allowed only by Admin priv user
Issue: As per https://redfish.dmtf.org/registries/Redfish_1.0.4_PrivilegeRegistry.json,
the PATCH method for Thermal & Power must be allowed for ConfigureManager only.
Fix: Restrict so that only an Admin privilege user can override sensor values
from Redfish.
Tested:
1. Redfish validator - passed for this new change
2. Patch sensor values from Redfish for Thermal using Admin privilege
user
Redfish URI:
PATCH https://<BMC-IP>/redfish/v1/Chassis/WC_Baseboard/Thermal
Body:
{
    "Temperatures": [
        {
            "MemberId": "SSB_Temp",
            "ReadingCelsius": 112
        }
    ]
}
Response:
{
    "@odata.id": "/redfish/v1/Chassis/WC_Baseboard/Thermal",
    "@odata.type": "#Thermal.v1_4_0.Thermal",
    "Fans": [],
    "Id": "Thermal",
    "Name": "Thermal",
    "Temperatures": []
}
3. Sensor value overridden successfully when authorized by admin privilege user
4. Verified by operator privilege user. Not successful.
Response: Forbidden.
5. Verified for Power sensor values and allowed only by admin privilege user.
6. Verified for manufacturing mode, Validation unsecure mode and
non-manufacturing mode.
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I9a089a9341d12beac9625f1877e1ab047f5d6f46
diff --git a/redfish-core/lib/thermal.hpp b/redfish-core/lib/thermal.hpp
index 28b11a5..2126f85 100644
--- a/redfish-core/lib/thermal.hpp
+++ b/redfish-core/lib/thermal.hpp
@@ -30,7 +30,7 @@
entityPrivileges = {
{boost::beast::http::verb::get, {{"Login"}}},
{boost::beast::http::verb::head, {{"Login"}}},
- {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
{boost::beast::http::verb::post, {{"ConfigureManager"}}}};
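Review bot: The `patch` entry in `entityPrivileges` is tightened only in redfish-core/lib/thermal.hpp, while the commit message says the registry requires ConfigureManager for both Thermal and Power and test step 5 reports that Power was verified. No Power file appears in this diff, so please either include the matching change to the Power resource's privilege table in this commit or state in the message where that restriction already lives. Otherwise the Power PATCH path may still accept the lower privilege. A short comment next to the `patch` line citing Redfish_1.0.4_PrivilegeRegistry.json would also help keep the value from being relaxed back to ConfigureComponents later. Since the recorded PATCH response shows empty `Temperatures` and `Fans` arrays, it would strengthen the test notes to include the status code returned for the admin case alongside the Forbidden result for the operator case.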