Customizing Service Portal Roles for End Users
You provide end users with access to the Service Portal through a Service Portal role. The permissions set for the Service Portal role determine what the Service Portal user can see and do. The following Service Portal roles exist in a new installation of Commander:
- View Only
- Customer
- Delegated Admin
- Manager
This topic provides details on all available Service Portal permissions and shows you how to customize the default roles and create new roles.
To learn how to assign Service Portal roles to end users, see:
- Creating Organizations for Multi-Tenancy, if you're using organizations
- Adding User and Group Accounts and Assigning Roles, if you're not using organizations
In this topic:
Service Portal permissions and default settings
This table provides details on all Service Portal permissions, as well as the default settings for the default roles. Access these roles in Commander through Configuration > Access and Identity> Service Portal Roles tab.
The role names in this table apply to new installations of vCommander 5.0.1 or higher.
|
Available Permissions |
Details |
View Only |
Customer |
Delegated Admin |
Manager |
|---|---|---|---|---|---|
|
Basic Operations |
|||||
|
Connect/Disconnect Media |
Connect or disconnect media associated with the VM |
— |
Yes |
Yes |
Yes |
|
Open Console |
Open and work in a VM console |
— |
Yes |
Yes |
Yes |
|
Open Remote Session |
Access a VM through a remote session (such as SSH or VNC) |
— |
Yes |
Yes |
Yes |
|
Power On/Off |
Start, stop, reset and suspend services; reboot databases; edit the start order for virtual services; run guest OS power commands |
— |
Yes |
Yes |
Yes |
|
Run Command Workflows |
Use any commands that are identified and added to the Service Portal through a command workflow |
— |
Yes |
Yes |
Yes |
|
Schedule Tasks |
Schedule tasks, such as the delivery of saved search results via email and the application of rightsizing recommendations |
— |
Yes |
Yes |
Yes |
|
View the costs associated with a service. This permission also controls visibility of the Costs pane on the dashboard. |
Yes |
Yes |
Yes |
Yes |
|
|
Show Events & Tasks |
View all the events and tasks that occurred for the selected service. These events and tasks include actions initiated by the Service Portal user as well as system events, tasks, and any other events and tasks that are generated by other users who have permission to work with that service. |
Yes |
Yes |
Yes |
Yes |
|
Show Guest OS Details |
View the guest operating system details including applications, services and hotfixes for Windows VMs, and disk information for Windows and non-Windows guests. The guest OS must have been scanned for details to display. |
Yes |
Yes |
Yes |
Yes |
|
Show Search & Reports |
Search and create reports for VMs and applications including hotfixes, guest operating system details and services. This permission also allows Service Portal users to schedule reports and to see the reports on the dashboard. |
Yes |
Yes |
Yes |
Yes |
|
View Managed System Details |
View the Most Expensive Managed Systems widget in the Cost Dashboard and view managed system names |
— |
— |
— |
Yes |
|
Show Dashboard |
View the Service Portal Dashboard. There are now options to set four different Service Portal landing pages. You must set permissions for at least one of the four available landing pages. See Selecting a landing page in the Service Portal. |
Yes |
Yes |
Yes |
Yes |
|
Resource Management |
|||||
|
Request Service Change |
Request a change to an existing service and request service decommissioning. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard. |
— |
Yes |
Yes |
Yes |
|
Show Performance |
View performance information for individual VMs and the VM performance pane on the dashboard |
— |
Yes |
Yes |
Yes |
|
Show Recommendations: Cost Increase |
View and ignore VM upsizing recommendations; exclude VMs from all rightsizing recommendations |
— |
Yes |
Yes |
Yes |
|
Show Recommendations: Cost Decrease |
View ignore VM downsizing recommendations; exclude VMs from all rightsizing recommendations; view power schedule recommendations |
— |
Yes |
Yes |
Yes |
|
Manage Kubernetes |
Create, modify or delete resources in a Kubernetes namespace |
— |
Yes |
Yes |
Yes |
|
New Service Requests |
|||||
|
Easy Share |
Share a copy of a VM with other users |
— |
Yes |
Yes |
Yes |
|
Request Clone |
Request a clone of a VM |
— |
Yes |
Yes |
Yes |
|
Request New Service |
Request a service from the Service Catalog. If a user has either the Request New Service or the Request Service Change permission, they can also see the Service Requests pane on the dashboard. |
— |
Yes |
Yes |
Yes |
|
Lifecycle |
|||||
|
Modify Custom Attributes |
Set values for any custom attribute fields applied to a service |
— |
— |
Yes |
Yes |
|
Modify Expiry Date |
Set the expiry date for a service |
— |
— |
Yes |
Yes |
|
Modify Ownership |
Assign the owners of a service |
— |
— |
Yes |
Yes |
|
Modify Power Schedule Groups |
Set the power schedule group for a VM; apply power schedule recommendations |
— |
— |
Yes |
Yes |
|
Schedule Maintenance Tasks |
Apply a rightsizing recommendation in the maintenance window |
— |
— |
— |
— |
|
Rename VMs |
Rename a VM |
— |
— |
— |
— |
|
Organization Management |
|||||
|
Approve Requests |
Approve service requests from the Service Portal for requests where this user is the approver. Note that the approver also requires the Request New Service permission and the Request Service Change permission. If the requester is an organization member, the approver must be a member of the same organization and must have the Show All Organization Services permission. |
— |
— |
— |
Yes |
|
Manage Organization |
Add or remove organization members and assign or edit members' roles. Manage member quotas. Adds the Management command to the Views menu. |
— |
— |
— |
Yes |
|
Manage Organization Media |
Upload and delete media files within media folders assigned to their organization |
— |
— |
Yes |
Yes |
|
Show All Organization Services |
View all services assigned to the organization. Adds the All Services in <organization> command to the Views menu. Note: You must enable all three of the "Manage Cost Alerts", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts. |
— |
— |
— |
Yes |
|
Show Cost Dashboard |
View the Cost dashboard. Note: You must enable all three of the "Manage Cost Alerts", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts. |
— |
— |
— |
Yes |
|
Manage Cost Alerts |
View and configure cost anomaly alerts and budget alerts. Note: You must enable all three of the "Manage Cost Alerts", "Show All Organization Services" and "Show Cost Dashboard" permissions to view and configure cost anomaly alerts and budget alerts. |
— |
— |
— |
Yes |
|
Advanced Operations |
|||||
|
Manage Global Media |
Upload and delete media files in global media folders |
— |
— |
— |
— |
|
Manage VM Snapshots |
Create, edit and delete the snapshot of a VM |
— |
— |
— |
— |
|
Modify VM CPU & Memory |
Change the memory size or number of virtual processors on a VM |
— |
— |
— |
— |
|
Modify VM Storage |
Increase or decrease storage on the VM |
— |
— |
— |
— |
|
Modify VM Network |
Add, edit or delete network adapters |
— |
— |
— |
— |
|
Show External Page |
Launch and view an external page from within the Service Portal |
— |
— |
— |
— |
Creating new Service Portal roles
|
Access through: |
Configuration menu > Identity and Access > Service Portal Roles tab |
|
Available to: |
Commander Roles of Superuser and Enterprise Admin |
Although you can add as many Service Portal user roles as you want, Embotics recommends that you limit the number of Service Portal user roles to allow for easier tracking and maintenance.
To create a new Service Portal role:
- In the gray column to the right of the previously defined roles, click CLICK TO ADD NEW ROLE.
- In the New Service Portal Role dialog, enter a unique name for the new role.
You can't use any of the Commander role names or Access Rights labels (Superuser, Enterprise Admin, Auditor, User, Administrator, Operator, Approver).
- Click OK.
A column for the new Service Portal user role appears, with no permissions selected. Select the permissions for that role as described above.
Now you can assign the new role to user accounts.
Modifying permissions for an existing Service Portal role
|
Access through: |
Configuration menu > Identity and Access > Service Portal Roles tab |
|
Available to: |
Commander Roles of Superuser and Enterprise Admin |
When you modify the permissions for an existing role, changes take effect with a user's next login to the Service Portal.
To modify an existing role's permissions:
- On the Service Portal Roles tab, locate the role in the table.
- Select and/or de-select any combination of the permissions in the column for that role and click Save.
- Click Yes to confirm the change.
Renaming Service Portal roles
|
Access through: |
Configuration menu > Identity and Access > Service Portal Roles tab |
|
Available to: |
Commander Roles of Superuser and Enterprise Admin |
Renaming a Service Portal role doesn't affect role assignment for users.
To rename a role:
- Click Rename at the bottom of a column.
- In the Rename Service Portal Role dialog, change the name as required and click OK.
Deleting Service Portal roles
|
Access through: |
Configuration menu > Identity and Access > Service Portal Roles tab |
|
Available to: |
Commander Roles of Superuser and Enterprise Admin |
You can't delete a Service Portal user role if a user account has been assigned to that role. You must first unassign this role from the user account. For more information, see Editing or disabling user accounts.
To delete a Service Portal user role:
- Click Delete at the bottom of a column and confirm the deletion.