The preferred/recommended method here would actuall be:
Setup vCO to connect to vCenter using shared credentials with an administrative (Or permission limited) account instead of per-user. Then use the role based permissions in vCO to allow group members execute the desired workflows - even better is to have the workflows available for execution only available via a portal (Perspectives Webview, Custom Webview, External system calling the vCO SOAP API)
Benefits of this configuration, to name a few, include:
- Reducing the number of API connections/sessions to your vCenter server (Sharing a single credential instead of each vCO user initiated workflow establishing a new connection)
- Allows for Role Based Access Control on the vCO side to limit access to workflows, and ultimately vCenter operations
- Reduces the need to maintain multiple vCenter accounts and prevents users from directly accessing vCenter
If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!
Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
