Maybe a dummy question, but I could not find solution for that.
My use case:
I have subset of machines which I would like to control within given business group, not all but just subset. Those machines are owned by different users.
On top of that I have create scripts to execute different actions, but I want to make sure that actions will be just executed on machines which are predefined (above mentioned subset).
Question is: how can delegate access to just selected machines to account which I will use to access RestAPI and to execute actions.
I don't want to make that user a group administrator - just to have access to selected resources.
We are running on vRealize 7.0.1
One way is to define a user as a member of the support role in a given business group. That user will not have manager-level permissions but can see and perform actions on all machines in a business group. You can further control the actions that are performed through fine-tuned entitlements.
You can deligate a "Support user" role to request and manage items on behalf of other users within their business groups.
Entitlements enables to add governance and additional controls to your environment. It allow admins to create a set of policies that determine which services any given consumer can deploy and how they can [lifecycle] manage their services post-provisioning. Entitlements are created and managed under Catalog Management (Administration tab -> Catalog Management -> Entitlements) for all available services. It is important to note that entitlements are a REQUIRED function for service delivery (e.g. all services must be entitled at some level before they are available for consumption).
The following entitlement options are available per Business Group User or Group.
PaaS / AppServices Blueprints
Actions / Custom Actions (Day 2 Operations)