Hi All,
i manage a Horizon environment (at the moment 8 physical hosts, 1 datacenter and two separate cluster, one for management and one for production machines).
I have to create separate administrators to allow colleagues administering each one a separate "slice" of the system.
Currently i'm running Vcenter appliance v 6.0.0. and horizon 6.3.
I allowed different users/groups from Active Directory to:
- vm creation role on one of the cluster
- no access role on the other cluster
- vm creation role on a vsan datastore
- vm creation role on the dedicated folder containing all delegated-admins-resources
- eventual vm creation role on templates vm.
As it has been so far it can works: delegated admins have read-only permissions of some parts of cluster but they can't edit or manage other's admin vms.
Does anybody have had this need?
How did you manage the issue?
Thanks in advance.
Greetings
Nicola