Customizing Service Portal Roles for Users

You provide end users with access to the Service Portal through a Service Portal role. The permissions set for the Service Portal role determine what the Service Portal user can see and do. The following Service Portal roles exist in a new installation of Commander:

View Only
Customer
Delegated Admin
Manager

This topic provides details on all available Service Portal permissions and shows you how to customize the default roles and create new roles.

To learn how to assign Service Portal roles to end users, see:

Creating Organizations, if you're using organizations
Adding User and Group Accounts and Assigning Roles, if you're not using organizations

In this topic:

Service Portal permissions and default settings

This table provides details on all Service Portal permissions, as well as the default settings for the default roles. Access these roles in Commander through Configuration > Access and Identity> Service Portal Roles tab.

Note: The role names in this table apply to new installations of vCommander 5.0.1 or higher.

Service Portal Permissions

Available Permissions	Details	View Only	Customer	Delegated Admin	Manager
Basic Operations
Connect/Disconnect Media	Connect or disconnect media associated with the VM	—	Yes	Yes	Yes
Open Console	Open and work in a VM console	—	Yes	Yes	Yes
Open Remote Session	Access a VM through a remote session (such as SSH or VNC)	—	Yes	Yes	Yes
Power On/Off	Start, stop, reset and suspend services; reboot databases; edit the start order for virtual services; run guest OS power commands	—	Yes	Yes	Yes
Run Command Workflows	Use any commands that are identified and added to the Service Portal through a command workflow	—	Yes	Yes	Yes
Schedule Tasks	Schedule tasks, such as the delivery of saved search results via email and the application of rightsizing recommendations	—	Yes	Yes	Yes
Show Cost	View the costs associated with a service. This permission also controls visibility of the Costs section on the dashboard.	Yes	Yes	Yes	Yes
Show Events & Tasks	View all the events and tasks that occurred for the selected service. These events and tasks include actions initiated by the Service Portal user as well as system events, tasks, and any other events and tasks that are generated by other users who have permission to work with that service.	Yes	Yes	Yes	Yes
Show Search & Reports	Allows Service Portal users to schedule reports and to see the reports on the dashboard.	Yes	Yes	Yes	Yes
View Cloud Account Details	View the Most Expensive Cloud Accounts widget in the Cost Dashboard and view cloud account names	—	—	—	Yes
Show Dashboard	View the Service Portal Dashboard. There are now options to set four different Service Portal landing pages. You must set permissions for at least one of the four available landing pages. See Selecting Service Portal landing pages.	Yes	Yes	Yes	Yes
Resource Management
Request Service Change	Request a change to an existing service and request service decommissioning. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.	—	Yes	Yes	Yes
Show Performance	View performance information for individual VMs and the VM performance pane on the dashboard	—	Yes	Yes	Yes
Show Recommendations: Cost Increase	View and ignore VM upsizing recommendations; exclude VMs from all rightsizing recommendations	—	Yes	Yes	Yes
Show Recommendations: Cost Decrease	View ignore VM downsizing recommendations; exclude VMs from all rightsizing recommendations; view power schedule recommendations	—	Yes	Yes	Yes
Manage Kubernetes	Create, modify or delete resources in a Kubernetes namespace	—	Yes	Yes	Yes
New Service Requests
Easy Share	Share a copy of a VM with other users	—	Yes	Yes	Yes
Request Clone	Request a clone of a VM	—	Yes	Yes	Yes
Request New Service	Request a service from the Service Catalog. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.	—	Yes	Yes	Yes
Lifecycle
Modify Custom Attributes	Set values for any custom attribute fields applied to a service	—	—	Yes	Yes
Modify Expiry Date	Set the expiry date for a service	—	—	Yes	Yes
Modify Ownership	Assign the owners of a service	—	—	Yes	Yes
Modify Power Schedule Groups	Set the power schedule group for a VM; apply power schedule recommendations	—	—	Yes	Yes
Schedule Maintenance Tasks	Apply a rightsizing recommendation in the maintenance window	—	—	—	—
Rename VMs	Rename a VM	—	—	—	—
Organization Management
Approve Requests	Approve service requests from the Service Portal for requests where this user is the approver. Note that the approver also requires the Request New Service permission and the Request Service Change permission. If the requester is an organization member, the approver must be a member of the same organization and must have the Show All Organization Services permission.	—	—	—	Yes
Manage Organization	Add or remove organization members and assign or edit members' roles. Manage member quotas. Adds the Management command to the Views menu.	—	—	—	Yes
Manage Organization Media	Upload and delete media files within media folders assigned to their organization	—	—	Yes	Yes
Show All Organization Services	View all services assigned to the organization. Adds the All Services in <organization> command to the Views menu. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	Yes
Show Cost Dashboard	View the Cost dashboard. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	Yes
Manage Cost Anomalies	View and configure cost anomaly alerts and budget alerts. Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.	—	—	—	Yes
Advanced Operations
Manage Global Media	Upload and delete media files in global media folders	—	—	—	—
Manage VM Snapshots	Create, edit and delete the snapshot of a VM	—	—	—	—
Modify VM CPU & Memory	Change the memory size or number of virtual processors on a VM	—	—	—	—
Modify VM Storage	Increase or decrease storage on the VM	—	—	—	—
Modify VM Network	Add, edit or delete network adapters	—	—	—	—
Show External Page	Launch and view an external page from within the Service Portal	—	—	—	—

Creating new Service Portal roles

Although you can add as many Service Portal user roles as you want, we recommend that you limit the number of Service Portal user roles to allow for easier tracking and maintenance.

Access through:	Configuration > Identity and Access > Service Portal Roles tab
Available to:	Commander Roles of Superuser and Enterprise Admin

To create a new Service Portal role:

In the gray column to the right of the previously defined roles, click CLICK TO ADD NEW ROLE.
In the New Service Portal Role dialog, enter a unique name for the new role.
You can't use any of the Commander role names or Access Rights labels (Superuser, Enterprise Admin, Auditor, User, Administrator, Operator, Approver).
Click OK.
A column for the new Service Portal user role appears, with no permissions selected. Select the permissions for that role as described above.

Now you can assign the new role to user accounts.

Modifying permissions for existing Service Portal roles

When you modify the permissions for an existing role, changes take effect with a user's next sign in to the Service Portal.

Access through:	Configuration > Identity and Access > Service Portal Roles tab
Available to:	Commander Roles of Superuser and Enterprise Admin

To modify an existing role's permissions:

On the Service Portal Roles tab, locate the role in the table.
Select and/or de-select any combination of the permissions in the column for that role and click Save.
Click Yes to confirm the change.

Renaming Service Portal roles

Renaming a Service Portal role doesn't affect role assignment for users.

Access through:	Configuration > Identity and Access > Service Portal Roles tab
Available to:	Commander Roles of Superuser and Enterprise Admin

To rename a role:

Click Rename at the bottom of a column.
In the Rename Service Portal Role dialog, change the name as required and click OK.

Deleting Service Portal roles

You can't delete a Service Portal user role if a user account has been assigned to that role. You must first unassign this role from the user account. For more information, see Editing or disabling user accounts.

Access through:	Configuration > Identity and Access > Service Portal Roles tab
Available to:	Commander Roles of Superuser and Enterprise Admin

To delete a Service Portal user role:

Click Delete at the bottom of a column and confirm the deletion.