When you connect to a cloud account (managed system) such as VMware vCenter or Microsoft SCVMM/Hyper-V, note that vCommander® requires an administrative account. The account must have full administrative access on the entire cloud account (managed system). You can then subsequently restrict access in vCommander leveraging the roles and access rights described in this article
Doing so for all user accounts in the system, made easier by only adding Active Directory groups to vCommander as the only users, will ensure that only the access you desire is provided.
The image above shows the access rights for the currently selected user in the users list (not shown). This user has full administrator access to the HP Public Cloud, Amazon EC2, and the SCVMM cloud account (managed system) called kindling. Under the VMware cloud account (managed system) called autumnrain, the user has administrator access to the Shared and Ted data centers.
Configuring Access Rights
You can assign access rights for more than one element to the same user account. For example, if three cloud accounts (managed systems) exist, a user may be assigned Administrator rights on one datacenter, Auditor rights on a separate cloud account (managed system), and Approver rights on another datacenter. (For SCVMM cloud accounts (managed systems), it’s not possible to assign access rights below the cloud account (managed system) level.)
A higher level of access rights always takes precedence over a lower level. For example, if you assigned a user Administrator access rights on a cloud account (managed system) and then assigned the same user Auditor access rights on a datacenter within that cloud account (managed system), that user has the Administrator access rights on all datacenters.
To configure access rights, follow the steps below.
- Under the Configuration menu, choose Users and Roles.
- On the Users tab, select the user or directory group for which you wish to configure rights.Note: The selected user or directory group must have a vCommander role. Those with only Service Portal roles cannot have access rights assigned.
- With the user or group selected, expand the directory tree in the right-hand pane. Select an appropriate infrastructure level and click Assign Access Rights.
Even when you have restricted your users access to infrastructure elements that contain an amount of sockets equal to or less than your licensed amount, vCommander will see all of the sockets available for the entire cloud account (managed system). If this amount is higher than the amount for which you purchased licensing, you will receive warnings about exceeding your license. These warnings appear whenever a vCommander user logs into the system, but are never shown to any Service Portal users.
If you have any questions about your license and its enforcement, please contact firstname.lastname@example.org or your account manager directly.