toggle quoted messageShow quoted text
We filed an issue with the CLI team (https://github.com/cloudfoundry/cli/issues/1225
) to issue a warning
for cases like yours, where an attempt is made to disable access to a
service plan when the plan is
currently available to all orgs. Thanks for taking the time to report this
Eric Promislow and Matt Royal, CAPI Community Team
On Thu, Aug 31, 2017 at 3:23 PM, Zach Robinson <zrobinson(a)pivotal.io> wrote:
This is actually expected behavior. You can find documentation about
service access here https://docs.cloudfoundry.org/
services/access-control.html. It notes a limitation at the bottom.
"You cannot disable access to a service plan for an org if the plan is
currently available to all orgs. You must first disable access for all
orgs; then you can enable access for a particular org."
This is because service access works in two modes: 1) available to
everybody. 2) available in a whitelist to specific organizations.
Service access does NOT work as a blacklist.
The example you posted shows it as available to all, which means it is in
the first mode I listed. If you want more granular control, then you will
need to disable access for all orgs, and then whitelist each org that
should have access.