Restrict Access to Tenant's Users & Namespaces / Strict Mode
Ability to restrict user access to an Tenant's Users and namespaces within a Tenant so that certain users/roles don't know other users in the tenant.
Used for scenarios when a Tenant is storing multiple customer's access within the same Tenant prior to Community Data Sharing services being available.

We have implemented a new feature in OCS called ‘strict mode’ that can be enabled by OSIsoft on a customer’s tenant. This feature is now in preview.
Enabling strict mode hides several OCS portal menus, API routes, and tiles on the landing Dashboard to non-Admin users.
The feature is intended for use for tenants that may have multiple company’s users logging into the tenant (example: connected services and their customers) and there is a need to hide administrative information and other user information from non admin users.
Strict mode hidden menus include: Identity Providers, Users, Roles, Groups, Clients, Usage, Health, My profile only shows a user’s own information. Likewise, API routes goes to a forbidden error. Dashboard tiles hidden include: usage tile, health tile, quick links tile.
To enable strict mode, please contact OSIsoft and we can enable it on your tenant. Please let us know your feedback.
1 comment
-
AdminAlex Duhig (Admin, OSIsoft) commented
It is currently possible for any account member to enumerate users in a namespace, including all contact details for those users. If multiple organisations are added to a namespace, this is a violation of privacy laws in many countries. Adding multiple organisations is a common use case for the platform, for example adding multiple different hardware vendors to view data associated with different equipment in the namespace.
A workaround could be to create unique namespaces for each individual organisation that is sharing the dataset, but this would involve a lot more work and replication of data.
Documentation:
https://ocs-docs.osisoft.com/Content_Portal/Documentation/Identity/Identity_User.html