When you connect to a managed system such as VMware vCenter or Microsoft SCVMM/Hyper-V, note that vCommander requires an administrative account. The account must have full administrative access on the entire managed system. You can then subsequently restrict access in vCommander leveraging the roles and access rights described in this article
Doing so for all user accounts in the system, made easier by only adding Active Directory groups to vCommander as the only users, will ensure that only the access you desire is provided.
The image above shows the access rights for the currently selected
user in the users list (not shown). This user has full administrator
access to the HP Public Cloud, Amazon EC2, and the SCVMM managed system
called kindling. Under the VMware managed system called autumnrain, the user has administrator access to the Shared and Ted data centers.
Configuring Access Rights
You can assign access rights for more than one element to the same
user account. For example, if three managed systems exist, a user may be
assigned Administrator rights on one datacenter, Auditor rights on a
separate managed system, and Approver rights on another datacenter. (For
SCVMM managed systems, it’s not possible to assign access rights below
the managed system level.)
A higher level of access rights always takes precedence over a lower
level. For example, if you assigned a user Administrator access rights
on a managed system and then assigned the same user Auditor access
rights on a datacenter within that managed system, that user has the
Administrator access rights on all datacenters.
To configure access rights, follow the steps below.
- Under the Configuration menu, choose Users and Roles.
- On the Users tab, select the user or directory group for which you wish to configure rights.Note: The selected user or directory group must have a vCommander role. Those with only Service Portal roles cannot have access rights assigned.
- With the user or group selected, expand the directory tree in the right-hand pane. Select an appropriate infrastructure level and click Assign Access Rights.
Even when you have restricted your users access to infrastructure elements that contain an amount of sockets equal to or less than your licensed amount, vCommander will see all of the sockets available for the entire managed system. If this amount is higher than the amount for which you purchased licensing, you will receive warnings about exceeding your license. These warnings appear whenever a vCommander user logs into the system, but are never shown to any Service Portal users.
If you have any questions about your license and its enforcement, please contact email@example.com or your account manager directly.