VMware Cloud Community
MQVMW
Contributor
Contributor
‎11-26-2012 06:02 AM

can I restrict a user for a executing particular workflow

Hi,

I have group of workflow ,I want a particular user to execute a certain workflows only .

Is it possible in vCenter Orchetrator ?? If possible how ??

Thanks,

0 Kudos
3 Replies
iiliev
VMware Employee
VMware Employee
‎11-26-2012 01:18 PM

Hi MQVMW,

Permissions can be set on group level, not on user level.

To add/delete permissions for a given workflow using the vCO Swing Client:

1) Navigate to the target workflow

2) Press 'edit' button

3) Go to 'Permissions' tab

4) Press 'add access rights' or 'delete selected access rights' buttons (located in the top left corner)

5) Using the filter edit box, list/select the group you want to give/restrict permissions on this workflow

6) Check/uncheck the appropriate check box(es) for the 5 possible access rights. In your use case, the most interesting permission is 'Execute' (uncheck it to restrict execute permission).

7) Press 'Select' button to accept your selection.

😎 Press 'Save and close' button to exit from edit mode

The next time you login as a user that is member of this group, you should not be able to start a new workflow execution for this workflow.

Hope this helps,

-Ilian

ZackZhang
Contributor
Contributor
‎12-05-2012 09:56 PM

Hi iiliev,

     I have a problem on setting permissions on a workflow.

     By "Edit access rights" for the workflow, I correctly configured the workflow to only be viewable for a group of users. However, when I log into vCO client or web operator as an user from the group, I find myself still able to edit/execute the workflow.

    Based on my understanding, I believe this is because this group is configured as the vCO admin group, so users from the group always have full permissions on the workflows no matter how the access rights have been configured on them.

    So I thought of changing the vCO admin group for the vCenter Orchestrator server to another. But with this change, the user isn't able to log into vCO client/web operator any more as he's no longer in the vCO admin group.

    This seems to be a paradox? Or am I missing anything? It will be great if you can offer some help, thanks in advance!

0 Kudos
ZackZhang
Contributor
Contributor
‎12-05-2012 10:57 PM

Never mind, I got the solution from another post.

To make a non-vcoadmin user able to log on to vCO client/web operator, all that needs to be done is to edit the access rights for the root element and

grant view privilege for the group that the non-vcoadmin user is in.

0 Kudos