With the installation out of the way, we can now start to configure permissions beyond the firstname.lastname@example.org account so we can log in and actually do cloudy things. First though, lets create a couple of accounts in active directory so we can drive home the different roles. Log into your DC and create two user accounts - tenantadmin and iaasadmin.
With the two AD accounts crated, head back to the vCloud Automation Center / vRealize Automation appliance log in page and log in as email@example.com
- Click on Tenants >> vsphere.local >> administrators
- In the Tenant administrators search box type tenantadmin, click the magnifying glass icon to search and click on firstname.lastname@example.org
- In the Infrastructure administrators search box type iaasadmin, click the magnifying glass icon to search and click on email@example.com
- Both user accounts should be pictured, similar to below; click the Update button
vRealize Infrastructure administrator role
- Log out of the appliance and log back in as iaasadmin
Remember why we don't need the @vxprt.local here? - thats right we set the default identity source to be our domain in vSphere SSO, and we are using that same SSO for vCloud Automation Center / vRealize Automation
- Notice as the Infrastructure administrator we have only 3 tabs along the top, and we can no longer manage the identity source because this user does not have permission for that.
- Click on Infrastructure, notice the various items as well as that little error message that popped up. That is because we have only licensed the appliance thus far, we still need to license the IaaS components
- Click on Administration >> Licensing, click the Add a License link at the top, enter your license key and click the OK button
- Click on back to Infrastructure and explore the different menus such as Groups, Blueprints and Monitoring and see what type of information and options are available in each
vRealize Tenant administrator role
- Log out of the appliance and log back in as tenantadmin
- Notice that while there is an Infrastructure tab, there is much less available to the tenant admin user
- There is, however, much more available in the administration menu
- Explore the various options available to the tenant admin
We will cover the roles a bit more in-depth in future posts as we configure vRealize Automation. To quench your thirst for all permission things here is a little cheat sheet for what menus and options are available to the tenant and IaaS administrative users, I know I forget easily. With the basic permissions out of the way, it’s time to start setting up the other required pieces such as business groups and endpoints, in the next post of course!
vRealize Automation tenant and infrastructure administrator menu cheat sheet