Restrict Access to Tenant's Users & Namespaces / Strict Mode
Ability to restrict user access to an Tenant's Users and namespaces within a Tenant so that certain users/roles don't know other users in the tenant.
Used for scenarios when a Tenant is storing multiple customer's access within the same Tenant prior to Community Data Sharing services being available.
We have implemented a new feature in OCS called ‘strict mode’ that can be enabled by OSIsoft on a customer’s tenant. This feature is now in preview.
Enabling strict mode hides several OCS portal menus, API routes, and tiles on the landing Dashboard to non-Admin users.
The feature is intended for use for tenants that may have multiple company’s users logging into the tenant (example: connected services and their customers) and there is a need to hide administrative information and other user information from non admin users.
Strict mode hidden menus include: Identity Providers, Users, Roles, Groups, Clients, Usage, Health, My profile only shows a user’s own information. Likewise, API routes goes to a forbidden error. Dashboard tiles hidden include: usage tile, health tile, quick links tile.
To enable strict mode, please contact OSIsoft and we can enable it on your tenant. Please let us know your feedback.
AdminAlex Duhig (Admin, OSIsoft) commented
It is currently possible for any account member to enumerate users in a namespace, including all contact details for those users. If multiple organisations are added to a namespace, this is a violation of privacy laws in many countries. Adding multiple organisations is a common use case for the platform, for example adding multiple different hardware vendors to view data associated with different equipment in the namespace.
A workaround could be to create unique namespaces for each individual organisation that is sharing the dataset, but this would involve a lot more work and replication of data.