Re: CF disable-service-access broken


Eric Promislow
 

Hello Prasad,

We filed an issue with the CLI team
(https://github.com/cloudfoundry/cli/issues/1225) to issue a warning
for cases like yours, where an attempt is made to disable access to a
service plan when the plan is currently available to all orgs. Thanks
for taking the time to report this issue.

Eric Promislow and Matt Royal, CAPI Community Team

On Thu, Aug 31, 2017 at 3:23 PM, Zach Robinson <zrobinson(a)pivotal.io> wrote:

Hello Prasad,

This is actually expected behavior. You can find documentation about
service access here:
https://docs.cloudfoundry.org/services/access-control.html
It notes a limitation at the bottom.

"You cannot disable access to a service plan for an org if the plan is
currently available to all orgs. You must first disable access for all
orgs; then you can enable access for a particular org."

This is because service access works in two modes: 1) available to
everybody. 2) available in a whitelist to specific organizations.

Service access does NOT work as a blacklist.

The example you posted shows it as available to all, which means it is in
the first mode I listed. If you want more granular control, then you will
need to disable access for all orgs, and then whitelist each org that
should have access.

-Zach
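
The procedure described in the reply above (disable access for all orgs, then enable it per org), as an added example that is not part of the original thread. The helper names, the "all"/"allowlist" mode labels and the sample service, plan and org names are assumptions of this example; it only prints the cf commands and runs none of them.

```shell
#!/bin/sh
# Added example (not from the thread): print the cf CLI commands that move a
# service plan from "available to all orgs" to an allowlist of orgs.
# Nothing is executed; review the output, then run it by hand.

# Hypothetical helper. MODE is this example's own label: "all" or "allowlist".
# Service access has no deny-list, so a per-org disable changes nothing while
# the plan is available to all orgs.
per_org_disable_has_effect() {
  [ "$1" = "allowlist" ]
}

# Hypothetical helper: reject empty names, names that look like flags, and
# names that would need shell quoting.
safe_name() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# allowlist_cmds SERVICE PLAN ORG [ORG...]
allowlist_cmds() {
  if [ "$#" -lt 3 ]; then
    echo "usage: allowlist_cmds SERVICE PLAN ORG [ORG...]" >&2
    return 2
  fi
  for name in "$@"; do
    safe_name "$name" || { echo "unsafe name: $name" >&2; return 2; }
  done
  service=$1 plan=$2
  shift 2
  # Step 1: disable access for all orgs (leaves "available to all" mode).
  echo "cf disable-service-access $service -p $plan"
  # Step 2: enable access only for the orgs that should have it.
  for org in "$@"; do
    echo "cf enable-service-access $service -p $plan -o $org"
  done
  # Step 3: list service access so the result can be checked.
  echo "cf service-access"
}

# Constructed sample names.
allowlist_cmds example-service example-plan org-a org-b
```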
