Assigning Access Rights to Administrative Users
After you have added administrative users with Commander roles, assign access rights to your cloud infrastructure. You can assign access rights to:
- Restrict which parts of your cloud infrastructure that each administrative user can access.
- Allow administrative users to carry out a specific set of commands on specific cloud accounts or datacenters.
- Control visibility of events, tasks, and alerts.
Access rights can't be assigned to a user who only has a Service Portal role.
Note: Even when you have restricted your users' access to infrastructure elements that contain a number of sockets equal to or less than your licensed amount, Commander will see all of the sockets available for the entire cloud account. If this amount is higher than the amount for which you purchased licensing, you will receive warnings about exceeding your license. These warnings appear whenever a Commander user logs into the system, but they are not shown to Service Portal users. If you have questions about your license and its enforcement, contact email@example.com or your account manager.
In this topic:
- Assigning Access Rights to Administrative Users
The six levels of access rights that can be assigned to users with Commander roles are:
- Operator with approval
- Operator without deploy/clone (non-provisioning operator)
The following table shows all of the tasks that can be performed with each level of access rights. Remember that access rights restrict what you can see, search for, and manage. For example, when performing a search, your access rights determine what search results will be returned. Some of these tasks also require a particular role.
All of these tasks require some level of access rights; tasks that don't require access rights don't appear in this table.
For each administrative user account, you can assign roles for different access rights to cloud accounts or datacenters.
A higher level of access rights always take precedence over lower levels. For example, if you assign Administrator access rights for a cloud account and then assign Auditor access rights for a datacenter within that cloud account, the user account has Administrator access rights for all datacenters.
Conversely, if you assign Auditor access rights for a cloud account and then assign Administrator access rights on one datacenter within that cloud account, then the user account has Administrator access rights on the specified datacenter and Auditor access rights for the cloud account and all other datacenters in that cloud account.
Notes: You can assign access rights below the cloud account level only for vCenter cloud accounts.
Notes: A user with a Reporter role may only be assigned an access level of Auditor. To display the Reporter role, the
embotics.role.reporter.visible system property be set to 'True'. Contact customer support before making any changes to a system property.
Configuration > Identity and Access
Commander Role of Superuser
Administrator Access Rights
Note: A user with a Commander Role of Enterprise Admin can manage access rights if
To assign access rights to an administrative user:
- Click the Users tab.
- On the Users page, select an administrative user from the list of users.
Note: An administrative user has a Commander role, not a Service Portal role.
- Expand the tree as necessary and select a level of the tree (from the cloud account level to the datacenter level).
- Click Assign Rights.