Customizing Service Portal Roles for Users

You provide end users with access to the Service Portal through a Service Portal role. The permissions set for the Service Portal role determine what the Service Portal user can see and do. The following Service Portal roles exist in a new installation of Commander:

  • View Only
  • Customer
  • Delegated Admin
  • Manager

This topic provides details on all available Service Portal permissions and shows you how to customize the default roles and create new roles.

To learn how to assign Service Portal roles to end users, see:

In this topic:

Service Portal permissions and default settings

This table provides details on all Service Portal permissions, as well as the default settings for the default roles. Access these roles in Commander through Configuration > Access and Identity> Service Portal Roles tab.

The role names in this table apply to new installations of vCommander 5.0.1 or higher.

Service Portal Permissions

Available Permissions

Details

View Only

Customer

Delegated Admin

Manager

Basic Operations

Connect/Disconnect Media

Connect or disconnect media associated with the VM

Yes

Yes

Yes

Open Console

Open and work in a VM console

Yes

Yes

Yes

Open Remote Session

Access a VM through a remote session (such as SSH or VNC)

Yes

Yes

Yes

Power On/Off

Start, stop, reset and suspend services; reboot databases; edit the start order for virtual services; run guest OS power commands

Yes

Yes

Yes

Run Command Workflows

Use any commands that are identified and added to the Service Portal through a command workflow

Yes

Yes

Yes

Schedule Tasks

Schedule tasks, such as the delivery of saved search results via email and the application of rightsizing recommendations

Yes

Yes

Yes

Show Cost

View the costs associated with a service. This permission also controls visibility of the Costs section on the dashboard.

Yes

Yes

Yes

Yes

Show Events & Tasks

View all the events and tasks that occurred for the selected service. These events and tasks include actions initiated by the Service Portal user as well as system events, tasks, and any other events and tasks that are generated by other users who have permission to work with that service.

Yes

Yes

Yes

Yes

Show Guest OS Details

View the guest operating system details including applications, services and hotfixes for Windows VMs, and disk information for Windows and non-Windows guests. The guest OS must have been scanned for details to display.

Yes

Yes

Yes

Yes

Show Search & Reports

Search and create reports for VMs and applications including hotfixes, guest operating system details and services. This permission also allows Service Portal users to schedule reports and to see the reports on the dashboard.

Yes

Yes

Yes

Yes

View Managed System Details

View the Most Expensive Managed Systems widget in the Cost Dashboard and view managed system names

Yes

Show Dashboard

View the Service Portal Dashboard. There are now options to set four different Service Portal landing pages. You must set permissions for at least one of the four available landing pages. See Selecting Service Portal landing pages.

Yes

Yes

Yes

Yes

Resource Management

Request Service Change

Request a change to an existing service and request service decommissioning. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.

Yes

Yes

Yes

Show Performance

View performance information for individual VMs and the VM performance pane on the dashboard

Yes

Yes

Yes

Show Recommendations: Cost Increase

View and ignore VM upsizing recommendations; exclude VMs from all rightsizing recommendations

Yes

Yes

Yes

Show Recommendations: Cost Decrease

View ignore VM downsizing recommendations; exclude VMs from all rightsizing recommendations; view power schedule recommendations

Yes

Yes

Yes

Manage Kubernetes

Create, modify or delete resources in a Kubernetes namespace

Yes

Yes

Yes

New Service Requests

Easy Share

Share a copy of a VM with other users

Yes

Yes

Yes

Request Clone

Request a clone of a VM

Yes

Yes

Yes

Request New Service

Request a service from the Service Catalog. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard.

Yes

Yes

Yes

Lifecycle

Modify Custom Attributes

Set values for any custom attribute fields applied to a service

Yes

Yes

Modify Expiry Date

Set the expiry date for a service

Yes

Yes

Modify Ownership

Assign the owners of a service

Yes

Yes

Modify Power Schedule Groups

Set the power schedule group for a VM; apply power schedule recommendations

Yes

Yes

Schedule Maintenance Tasks

Apply a rightsizing recommendation in the maintenance window

Rename VMs

Rename a VM

Organization Management

Approve Requests

Approve service requests from the Service Portal for requests where this user is the approver. Note that the approver also requires the Request New Service permission and the Request Service Change permission.

If the requester is an organization member, the approver must be a member of the same organization and must have the Show All Organization Services permission.

Yes

Manage Organization

Add or remove organization members and assign or edit members' roles. Manage member quotas. Adds the Management command to the Views menu.

Yes

Manage Organization Media

Upload and delete media files within media folders assigned to their organization

Yes

Yes

Show All Organization Services

View all services assigned to the organization. Adds the All Services in <organization> command to the Views menu.

Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.

Yes

Show Cost Dashboard

View the Cost dashboard.

Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.

Yes

Manage Cost Anomalies

View and configure cost anomaly alerts and budget alerts.

Note: You must enable all three of the "Manage Cost Anomalies", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts.

Yes

Advanced Operations

Manage Global Media

Upload and delete media files in global media folders

Manage VM Snapshots

Create, edit and delete the snapshot of a VM

Modify VM CPU & Memory

Change the memory size or number of virtual processors on a VM

Modify VM Storage

Increase or decrease storage on the VM

Modify VM Network

Add, edit or delete network adapters

Show External Page

Launch and view an external page from within the Service Portal

Creating new Service Portal roles

Access through:

Configuration > Identity and Access > Service Portal Roles tab

Available to:

Commander Roles of Superuser and Enterprise Admin

Although you can add as many Service Portal user roles as you want, Embotics recommends that you limit the number of Service Portal user roles to allow for easier tracking and maintenance.

To create a new Service Portal role:

  1. In the gray column to the right of the previously defined roles, click CLICK TO ADD NEW ROLE.
  2. In the New Service Portal Role dialog, enter a unique name for the new role.

    You can't use any of the Commander role names or Access Rights labels (Superuser, Enterprise Admin, Auditor, User, Administrator, Operator, Approver).

  3. Click OK.

    A column for the new Service Portal user role appears, with no permissions selected. Select the permissions for that role as described above.

Now you can assign the new role to user accounts.

Modifying permissions for existing Service Portal roles

Access through:

Configuration > Identity and Access > Service Portal Roles tab

Available to:

Commander Roles of Superuser and Enterprise Admin

When you modify the permissions for an existing role, changes take effect with a user's next login to the Service Portal.

To modify an existing role's permissions:

  1. On the Service Portal Roles tab, locate the role in the table.
  2. Select and/or de-select any combination of the permissions in the column for that role and click Save.
  3. Click Yes to confirm the change.

Renaming Service Portal roles

Access through:

Configuration > Identity and Access > Service Portal Roles tab

Available to:

Commander Roles of Superuser and Enterprise Admin

Renaming a Service Portal role doesn't affect role assignment for users.

To rename a role:

  1. Click Rename at the bottom of a column.
  2. In the Rename Service Portal Role dialog, change the name as required and click OK.

Deleting Service Portal roles

Access through:

Configuration > Identity and Access > Service Portal Roles tab

Available to:

Commander Roles of Superuser and Enterprise Admin

You can't delete a Service Portal user role if a user account has been assigned to that role. You must first unassign this role from the user account. For more information, see Editing or disabling user accounts.

To delete a Service Portal user role:

  • Click Delete at the bottom of a column and confirm the deletion.