How can we improve OSIsoft Cloud Services?

← OSIsoft Cloud Services

Restrict Access to Tenant's Users & Namespaces / Strict Mode

Ability to restrict user access to an Tenant's Users and namespaces within a Tenant so that certain users/roles don't know other users in the tenant.

Used for scenarios when a Tenant is storing multiple customer's access within the same Tenant prior to Community Data Sharing services being available.

15 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

AdminTodd Brown (Product Manager, OSIsoft) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
PREVIEW  ·  AdminTodd Brown (Product Manager, OSIsoft) responded  · 

We have implemented a new feature in OCS called ‘strict mode’ that can be enabled by OSIsoft on a customer’s tenant. This feature is now in preview.

Enabling strict mode hides several OCS portal menus, API routes, and tiles on the landing Dashboard to non-Admin users.

The feature is intended for use for tenants that may have multiple company’s users logging into the tenant (example: connected services and their customers) and there is a need to hide administrative information and other user information from non admin users.

Strict mode hidden menus include: Identity Providers, Users, Roles, Groups, Clients, Usage, Health, My profile only shows a user’s own information. Likewise, API routes goes to a forbidden error. Dashboard tiles hidden include: usage tile, health tile, quick links tile.

To enable strict mode, please contact OSIsoft and we can enable it on your tenant. Please let us know your feedback.

Show previous admin responses (1)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminAlex Duhig (Admin, OSIsoft) commented  ·   ·  Flag as inappropriate

    It is currently possible for any account member to enumerate users in a namespace, including all contact details for those users. If multiple organisations are added to a namespace, this is a violation of privacy laws in many countries. Adding multiple organisations is a common use case for the platform, for example adding multiple different hardware vendors to view data associated with different equipment in the namespace.

    A workaround could be to create unique namespaces for each individual organisation that is sharing the dataset, but this would involve a lot more work and replication of data.

    Documentation:
    https://ocs-docs.osisoft.com/Content_Portal/Documentation/Identity/Identity_User.html

OSIsoft Cloud Services: Security

Categories

Feedback and Knowledge Base

(thinking…)
Posted ideas will have one of the following statuses.
Full definition of these statuses can be found on the Home Page.
No status
TELL US MORE
EVALUATING
PLANNED
IN DEVELOPMENT
COMPLETED
DECLINED