Every application has RBAC (Role-Based Access Control) as one of the steps to secure the environment. With it, you can control who can act, what they can do, and where they can do it. Let's understand VMware vRA 8 roles in this blog post.
Info source: https://docs.vmware.com/en/vRealize-Automation/
vRA 8 Role Types
How to Assign Organization Level Roles and Service Level Roles
1. Log in to the vRA 8 console - https://vRA8FQDN
Enter Username = configadmin or any other user
Password = As Configured
2. Click on Identity & Access Management > Enterprise Groups > Assign Roles
3. Search for User Groups > Select Appropriate Organization Level Role > Click on Add Service Access to add appropriate Service Level Roles
In the following tables, where the permissions are defined, remember that the cloud administrator has full permission on all areas of the UI.
Project administrators leverage the infrastructure that is created by the cloud administrator to ensure that their project members have the resources they need for their development work.
Project Administrator Permissions

| Tab | Node or Area | View | Create | Modify/Delete |
|---|---|---|---|---|
| Infrastructure | Configure - Projects | Yes (only your projects) | No | Yes (only your projects) |
| | Configure - Cloud Zones | No | No | No |
| | Configure - Flavor Mappings | Yes | No | No |
| | Configure - Image Mappings | Yes | No | No |
| | Configure - Network Profiles | Yes | No | No |
| | Configure - Storage Profiles | Yes | No | No |
| | Configure - Tags | Yes | No | No |
| | Resources - Compute | Yes | No | No |
| | Resources - Network | Yes | No | No |
| | Resources - Storage | Yes | No | No |
| | Resources - Machines | Yes (only your projects) | Yes | Yes (only your projects) |
| | Resources - Volumes | | | |
| | Activity - Requests | Yes (only your projects) | N/A | Yes (only your projects) |
| | Activity - Events | Yes (only your projects) | N/A | Yes (only your projects) |
| | Connections - Cloud Accounts | No | No | No |
| | Connections - Integrations | No | No | |
| | Connections - Cloud Proxies | No | No | |
| | Cost - VMC Assessment | Yes | No | No |
| | Cost - Private Clouds | Yes | No | No |
| | Onboarding | No | No | |
| Blueprints | Blueprints | Yes (only for your projects) | Yes (only for your projects) | Yes (only for your projects) |
| Deployments | Deployments | Yes (only for your projects) | N/A | Yes (only for your projects) |

Project members are usually developers who create and deploy blueprints.
Project Member Permissions

| Tab | Node or Area | View | Create | Modify/Delete |
|---|---|---|---|---|
| Infrastructure | Configure - Projects | Yes (only the projects you are a member of) | No | No |
| | Configure - Cloud Zones | No | No | No |
| | Configure - Flavor Mappings | Yes | No | No |
| | Configure - Image Mappings | Yes | No | No |
| | Configure - Network Profiles | Yes | No | No |
| | Configure - Storage Profiles | Yes | No | No |
| | Configure - Tags | Yes | No | No |
| | Resources - Compute | Yes | No | No |
| | Resources - Network | Yes | No | No |
| | Resources - Storage | Yes | No | No |
| | Resources - Machines | Yes (only the ones that you deployed) | Yes | Yes (only the ones that you deployed) |
| | Resources - Volumes | | | |
| | Activity - Requests | Yes (only the ones that you deployed) | N/A | Yes (only the ones that you deployed) |
| | Activity - Events | Yes (only the ones that you deployed) | N/A | Yes (only the ones that you deployed) |
| | Connections - Cloud Accounts | No | No | No |
| | Connections - Integrations | | | |
| | Connections - Cloud Proxies | | | |
| | Cost - VMC Assessment | Yes | No | No |
| | Cost - Private Clouds | Yes | No | No |
| | Onboarding | | | |
| Blueprints | Blueprints | Yes (only for your projects) | Yes (only for your projects) | Yes (only for your projects) |
| Deployments | Deployments | Yes (for just your deployments, unless the project deployments are shared with all project members) | N/A | Yes (for just your deployments, unless project deployments are shared with all project members and you're entitled to run the day 2 actions) |

If you do not have a vRealize Automation Service Broker administrator role, you must be a member of a project to view the catalog and deploy items in your project.
Project Administrator and Project Member Roles

| Task | vRealize Automation Service Broker Administrator | Project Administrator | Project Member |
|---|---|---|---|
| Request catalog items in my project | Yes | Yes | Yes |
| Create projects | Yes | No | No |
| Update project name and description | Yes | Yes | No |
| Add users to my project | Yes | Yes | No |
| View provisioned deployments | Yes | Yes. For all project members. | Yes. For just your deployments, unless the project deployments are shared with all project members. |
| Run deployment actions | Yes | Yes. For all project members. | Yes. For just your deployments, unless project deployments are shared with all project members and you're entitled to run the day 2 actions. |
| Manage content sources | Yes | No | No |
| Share content | Yes | No | No |
| Customize request forms | Yes | No | No |
| Create policies | Yes | Yes | No |
| Add cloud zones | Yes | No | No |
| Add cloud accounts | Yes | No | No |
| Add integrations | Yes | No | No |
| Add cloud proxies | Yes | No | No |

Detailed View of Code Stream Roles:
Permissions and roles in VMware Code Stream

| Permission | Administrator role | User role | Executor role | Viewer role |
|---|---|---|---|---|
| View pipelines. | Yes | Yes | Yes | Yes |
| Create pipelines. | Yes | Yes | | |
| Update pipelines. | Yes | Yes | | |
| Run pipelines. Resume, pause, and cancel pipeline executions. | Yes | Yes | Yes | |
| Delete pipelines. | Yes | Yes | | |
| View endpoints. | Yes | Yes | Yes | Yes |
| Create endpoints. | Yes | Yes | | |
| Update endpoints. | Yes | Yes | | |
| Delete endpoints. | Yes | Yes | | |
| View pipeline executions. | Yes | Yes | Yes | Yes |
| View dashboards. | Yes | Yes | Yes | Yes |
| Create dashboards. | Yes | Yes | | |
| Update dashboards. | Yes | Yes | | |
| Delete dashboards. | Yes | Yes | | |
| Mark an endpoint or variable as restricted. | Yes | | | |
| Run pipelines that include restricted endpoints or variables. | Yes | | | |
| Resume pipelines that stop for approval on restricted resources. | Yes | | | |
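
The Code Stream role table above can drive a periodic access review. The following is an added example, not VMware code or part of the original post: it encodes the table, picks the lowest role that covers what a group actually uses, and reports groups holding more than that. The short permission names, the group names and the usage data are constructed, and a blank table cell is assumed to mean the role lacks the permission.

```python
# Added example: least-privilege review against the Code Stream role table.
# Assumption: a blank cell in the table means the role lacks the permission.
VIEW = {"view pipelines", "view endpoints", "view pipeline executions", "view dashboards"}
RUN = {"run pipelines"}  # also covers resume, pause and cancel of executions
EDIT = {f"{verb} {obj}" for verb in ("create", "update", "delete")
        for obj in ("pipelines", "endpoints", "dashboards")}
RESTRICTED = {"mark restricted", "run restricted pipelines", "resume restricted approvals"}

# Roles ordered from least to most privileged, following the table's columns.
ROLES = [
    ("Viewer", VIEW),
    ("Executor", VIEW | RUN),
    ("User", VIEW | RUN | EDIT),
    ("Administrator", VIEW | RUN | EDIT | RESTRICTED),
]

def least_privileged_role(needed):
    """Return the lowest role whose permissions cover every item in `needed`."""
    needed = set(needed)
    unknown = needed - ROLES[-1][1]
    if unknown:
        raise ValueError(f"not in the role table: {sorted(unknown)}")
    for name, perms in ROLES:
        if needed <= perms:
            return name

def review(assignments):
    """Return (group, assigned, sufficient) for every over-privileged group.

    `assignments` maps group -> (assigned role, permissions the group uses).
    """
    rank = {name: i for i, (name, _) in enumerate(ROLES)}
    findings = []
    for group, (assigned, used) in sorted(assignments.items()):
        sufficient = least_privileged_role(used)
        if rank[assigned] > rank[sufficient]:
            findings.append((group, assigned, sufficient))
    return findings

# Constructed sample data: group names and usage are hypothetical.
SAMPLE = {
    "release-managers": ("Administrator", {"run pipelines", "resume restricted approvals"}),
    "qa-team": ("User", {"run pipelines", "view dashboards"}),
    "auditors": ("Viewer", {"view pipeline executions"}),
    "dev-team": ("User", {"create pipelines", "run pipelines"}),
}

if __name__ == "__main__":
    for group, assigned, sufficient in review(SAMPLE):
        print(f"{group}: has {assigned}, {sufficient} is enough")
```

Only the Administrator role covers the three restricted-resource permissions, so any group that needs one of them cannot be reduced below Administrator.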