In our company we actually evaluate using vCloud instead of Labmanager. Now we have a problem regarding our roles in the company. We are splitted in 3 parts like infrastructur, operators and user.
INFRASTRUKTUR provides the resources in vCloud and using role SYSTEMADMINISTRATOR under URL: https://<hostname>/cloud
OPERATORS take care of organisations, define roles, consolidate etc. more or less everything below the infrastructure.
My Problem is that I can´t define a role with needed permissions in https://<hostname>/cloud because there is only one harcoded role "SYSTEMADMINISTRATOR". The infrastructur colleagues told us that OPERATORS can´t use this role because they can crash infrastructure, but for OPERATORS organizationadmin URL: https://<hostname>/cloud/org/<orgname>/ they can´t do their work like described below.
Is the wall between SYSTEMADMINSTRATORS and ORGANIZATIONSADMIINISTRATOR really not moveable.
The best solution for my company would by OPERATORS wich logon to https://<hostname>/cloud, but they are not allowed to do infrastructure releated things, but create organizations, operate VMs like consolidate, define roles for organizations etc.
Is there such a possiblity ? because that problem occurs also in other groups in our company. Actually this blocks us to migrate our ~20000 VMs to vCloud.
Hi Michael. Your requirement is well understood but that feature isn't in the product today. Unfortunately right now the cloud admin role is all or nothing. We heard about your complain from other customers and partners and we do have plan to find a solution hopefully sooner than later.
Thank you for your quick reply. Finally we need to decide if we wait or start with a big workaround, but this is only possible if our INFRASTRUCTURE and OPERATOR guys come together.
Not a good solution - but one option would be to have your non system admin - admin's use a portal page that uses API operations to do tasks they need to do at the system level. Then make org admin account for them for each org they need to be able to get in and work with. Far from perfect, but might let you get the job done until a better solution comes.
Yes,but on one hand we are not a development department in our company and on the other hand there is the question if this really solve the problem.
If Sysadmin group develops a portal, they need to develop different processes for about 20 departments and OrgAdmins are not able to develope because the have no SysAdmin.
I think what Chris suggested was a portal that connects with cloud admin privileges but then mediates what your help desk people can do.
If what they are supposed to do is a very little subset of what a cloud admin can do than this portal could be simple/limited.
Yet there is some development work you need to do to create that (simple?) portal, as you pointed out.
Sent from my iPhone