VMware Cloud Community
MattG
Expert
Expert
‎11-06-2012 07:39 AM
Jump to solution

vCops default vs Custom UI dashboard permissions clarification

I just want to clarify that:

  • vCops default dashboard permissions are defined in vCenter (no matter if you are using vCops plugin or vCops via browser) (does not need LDAP setup because vCenter uses AD perms by default)
  • vCops Custom UI permissions are defined in a separate DB that can be linked to LDAP.
  • No permissions are shared between the two dashboards

Is this correct?

Thanks,

-MattG

-MattG If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
1 Solution

Accepted Solutions
vkaranam
Enthusiast
Enthusiast
‎11-06-2012 07:45 AM
Jump to solution

Hello Matt,

There are prmisssions shared between the two dashboards which are the admin accounts that were set up at initial instalation of vC Ops. Ohter than that the users can use their ID to login in to bothe Standard and Custom Dashboards but we (Admins)  have to grant access at vcenter for standard dashboard and for custom dashboard w ehave to use LDAP configuration.

Thanks

VK

View solution in original post

Reply
0 Kudos
6 Replies
vkaranam
Enthusiast
Enthusiast
‎11-06-2012 07:45 AM
Jump to solution

Hello Matt,

There are prmisssions shared between the two dashboards which are the admin accounts that were set up at initial instalation of vC Ops. Ohter than that the users can use their ID to login in to bothe Standard and Custom Dashboards but we (Admins)  have to grant access at vcenter for standard dashboard and for custom dashboard w ehave to use LDAP configuration.

Thanks

VK

Reply
0 Kudos
admin
Immortal
Immortal
‎11-06-2012 09:16 AM
Jump to solution

Tests I have done :

1. Create admin user in Custom UI. This user cannot login to the vSphere UI.(User Does not exist)

2. Change the Admin account in the /admin Portal will result in the admin account password change in both the vSphere and Custom UI

3. The Ladap user in Custom UI does nto have access to vSphere UI

4. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager USER only have rights to the vSphere UI

5. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager ADMIN only have rights to vSphere UI

6. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager USER do NOT have rights to Custom UI

7. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager ADMIN do NOT have rights to Custom UI

The only "Shared account" is the Admin.

Reply
0 Kudos
twindude
Enthusiast
Enthusiast
‎11-08-2012 07:51 AM
Jump to solution

@HStrydom

is there something specail to get this to work?

5. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager ADMIN only have rights to vSphere UI

I have a VC for which i am in the ADMIN group all the way down to the vApp.

However i can't login to vCOPS UI

I understand that you can use AD/LDAP but i'm not there yet, so I am trying to understand the Virtual Center permissions get me on the vCOPS vApp, or if any?

I do not see any vCOP groups in VC, if i need to create them?

Reply
0 Kudos
MattG
Expert
Expert
‎11-08-2012 08:03 AM
Jump to solution

The default vCops dashboard permissions are controlled by vSphere vCops User/Admin rights (look in vCenter permissions).

If the login account that you are using to login to default vCops UI is the was imported via LDAP into Custom UI then this might be your problem:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=201344...

-MattG

-MattG If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
vkaranam
Enthusiast
Enthusiast
‎11-08-2012 08:05 AM
Jump to solution

Hey twin dude,

is there something specail to get this to work?

5. The vSphere UI User that is defined in vCenter as a Global -> vCenter Operations Manager ADMIN only have rights to vSphere UI

Sol: In the vcenter create two seperate roles as  vcops users & vcops Admins. now when you edit the vcops admin role in the priviliges select

Global -> vCenter Operations Manager ADMIN only have rights to vSphere UI which provides admin access to vcops UI

similarly

when you edit the vcops user role in the priviliges select

Global -> vCenter Operations Manager User only have rights to vSphere UI which provides user access (read-only) to vcops UI.

Creating seperate roles will help in auditing the roles.

Now u can login in to vcops as http:\\vcops-ip address or DNS name.

to login in to admin page http:\\vcops-ip address or DNS name\admin

Thanks

VK

Reply
0 Kudos
admin
Immortal
Immortal
‎11-08-2012 10:37 AM
Jump to solution

Hi,

Make sure your user account have been cranted rights to : Global -> vCenter Operations Manager ADMIN. Maybe create a Role with this access and assign yourself to this role at vCenter level.

You dont have to create groups...but to test do the above.

Reply
0 Kudos