Known Issues with Resource Access Management
On this page, you will find the most recent aggregation of all known issues related to Resource Access Management (RAM).
- If Resource Access Management (RAM) has been activated on your tenant, policies must be configured for your users.
Otherwise, a user with, for example, the StandardUser role will only see the root assets in their tenant.
Applications using App Credentials or other technical accounts
- If an application uses App Credentials or other technical accounts to interact with the API of Secure Data Sharing enabled services, data may be exposed, because policies are not enforced for technical accounts as of now.
- If the configured policy has gaps in the asset tree (that is, assets are missing in between), the hierarchy filter is empty.
In this case, close the hierarchy filter and work with the flat list.
- Rules are always displayed, even when the monitored asset is not included in the policy.
- The asset info plugin shows the whole hierarchy breadcrumb, even when some assets are not accessible.
Nevertheless, it is not possible to open such hidden assets or query data for them.
- Simple KPIs are always displayed, even when the asset(s) used are not included in the policy.
- Not supported with active RAM. A user with a policy will not see any assets.
- Use Operations Insight instead of Fleet Manager.
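For the empty hierarchy filter issue listed above (a policy with gaps in the asset tree), a policy's asset set can be checked for gaps before it is rolled out. This is an added example, not MindSphere code: the parent map, the asset names and the definition of a gap (an asset outside the policy that lies on the parent chain between two assets inside it) are assumptions based on the wording of that item.

```python
# Added example (not MindSphere code): find gaps in a policy's asset set.
# Assumption: a "gap" is an asset that is NOT in the policy but lies on the
# parent chain between two assets that ARE in the policy.


def find_policy_gaps(parent_of, policy_assets):
    """Return {policy_asset: [missing intermediate assets, top-down]}.

    parent_of     -- dict mapping asset id -> parent asset id (None for root)
    policy_assets -- iterable of asset ids granted by the policy
    """
    granted = set(policy_assets)
    gaps = {}
    for asset in sorted(granted):
        skipped = []
        seen = {asset}
        current = parent_of.get(asset)
        while current is not None:
            if current in seen:
                raise ValueError(f"cycle in asset tree at {current!r}")
            if current in granted:
                break  # reached the nearest ancestor covered by the policy
            seen.add(current)
            skipped.append(current)
            current = parent_of.get(current)
        # Assets skipped above the topmost granted asset are not "between"
        # two policy assets, so they only count if an ancestor was reached.
        if current is not None and skipped:
            gaps[asset] = list(reversed(skipped))
    return gaps


# Constructed sample tree: root > plant > line > (pump, motor)
SAMPLE_TREE = {
    "root": None,
    "plant": "root",
    "line": "plant",
    "pump": "line",
    "motor": "line",
}

if __name__ == "__main__":
    # Contiguous policy: no gaps reported.
    print(find_policy_gaps(SAMPLE_TREE, {"plant", "line", "pump"}))
    # "line" is missing between "plant" and "pump": reported as a gap.
    print(find_policy_gaps(SAMPLE_TREE, {"plant", "pump"}))
```
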
MindSphere Web Components
- There are currently no known issues.
Visual Flow Creator
- Not supported with active RAM. A user with a policy might not see MindSphere resources (like assets). However, flows that have been configured to run with these resources will still be able to run.
- Not supported with active RAM. Rules will be displayed and evaluated even if dependent resources (assets) are not accessible for the user.
- With active RAM, users cannot select a resource unless a policy grants them access to it. However, if they have access to a data source in Visual Explorer that refers to that resource, they can still view the data it includes. Review the permissions in Visual Explorer with every policy update to avoid data still being exposed to unauthorized users.
- A user can view all assets from Asset Management, create IoT import jobs on those assets, and use the IoT data datasets irrespective of access control.
- A user can read IoT data for all assets irrespective of access control and use it for model development and model execution.
- A Data Lake data source can be created on any valid data lake resource path irrespective of access control and used for model development and model execution.
- Jupyter/Zeppelin/Tensorflow workbenches support running scripts that may call all MindSphere public APIs without any access control restrictions.
Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.
Last update: July 29, 2022