Managing Users, Groups and Roles

You can add organization administrators to Cyfuture Cloud Console individually, or as part of an LDAP group. You can also add and modify the roles that determine what rights a user has within their organization.

Important: You must be an organization administrator to manage the users, groups, and roles within your organization. Your system administrator can publish one or more global tenant roles to your tenant, and as an organization administrator you can see them in the list of roles. Examples of such roles are Catalog Author, vApp Author, vApp User, and Organization Administrator. You cannot modify the predefined global tenant roles, but you can create and update similar custom tenant roles and assign them to users within your tenant.

This chapter includes the following topics:

Managing Users

Managing Groups

Roles and Rights

Managing Users

From the tenant portal you can create, edit, import, and delete users. You can also unlock a user account that the user locked by trying to log in with an incorrect password.

Create a User

You can create a user within your Cyfuture Cloud Console organization.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. Click New.

  4. Enter a user name and the password setting of the user. The minimum password length is six characters.

  5. Select whether to enable the user upon creation.

  6. If you want to set a specific limitation on the resources available to the user, turn on the Configure user's quota toggle.

If you turn on the toggle, when you complete this wizard, Cyfuture Cloud Console redirects you to the Quotas page. You can add quotas on the number of Tanzu Kubernetes clusters, all or running VMs managed by the user, consumed CPU, memory, and storage. Select Unlimited if you want the user to have unlimited resources of the selected type.

  7. Choose the role that you want to assign to the user.

The Available roles menu consists of a list of predefined roles and any custom roles that you or the system administrator might have created.

Predefined role    Description

vApp Author
    The rights associated with the predefined vApp Author role allow a user to use catalogs and create vApps.

Console Access Only
    The rights associated with the predefined Console Access Only role allow a user to view virtual machine state and properties and to use the guest OS.

vApp User
    The rights associated with the predefined vApp User role allow a user to use existing vApps.

Organization Administrator
    A user with the predefined Organization Administrator role can use the Cyfuture Cloud Console tenant portal or the Cloud Console OpenAPI to manage users and groups in their organization and assign them roles, including the predefined Organization Administrator role. An organization administrator can use the Cloud Console OpenAPI to create or update role objects that are local to the organization. Roles created or modified by an organization administrator are not visible to other organizations.

Defer to Identity Provider
    Rights associated with the predefined Defer to Identity Provider role are determined based on information received from the user's OAuth or SAML Identity Provider. To qualify for inclusion when a user is assigned the Defer to Identity Provider role, a role name supplied by the Identity Provider must be an exact, case-sensitive match for a role or group name defined in your organization.

Catalog Author
    The rights associated with the predefined Catalog Author role allow a user to create and publish catalogs.

  8. (Optional) Enter the contact information, such as name, email address, phone number, and instant messaging ID.

  9. Click Save.

What to do next

If you enabled quotas configuration for the user and Cyfuture Cloud Console redirects you to the Quotas page, see Manage the Resource Quotas of a User.

Import Users

You can add users to your organizations by importing an LDAP user or a SAML user and assigning them a certain role.

Prerequisites

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. Click Import Users.

  4. Select a source from which you want to import the users.

You can only view the source LDAP server or SAML server that you configured as identity provider.

Source    Action

LDAP
    Import users from an LDAP server.

    a. Enter a full or partial name in the text box and click Search.

    b. Select the users whom you want to import and click Add.

SAML
    Import users from a SAML server. Enter the user names of the users that you want to import.

    User names must be in the name identifier format supported by the SAML identity provider configured for this organization.

    Note: If you are using VMware vCenter Single Sign-On as the SAML identity provider, the user names that you import from a VMware vCenter Single Sign-On domain must be in User Principal Name (UPN) format, for example jdoe@mydomain.com.

    Use a new line for each user name.

  5. Select the role which you want to assign to the users that you import.

  6. Click Save.

Modify a User

As an organization administrator, you can modify the password, the contact, and the virtual machine quota settings of an existing user. In addition, you can also change the role of the user.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. Click the radio button next to the name of the user that you want to edit and click Modify.

  4. Update the settings you want to modify.

    a. Change the password as necessary.

    b. Select whether to enable or deactivate the user.

    c. Update the user role.

    d. Update the contact information, such as name, email address, phone number, and instant messaging ID.

    e. Edit the virtual machine quota for the user.

  5. Click Save.

Deactivate or Activate a User Account

You can deactivate a user account to prevent that user from logging in to Cyfuture Cloud Console. To delete a user, you must first deactivate their account. 

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. To deactivate a user account, click the radio button next to the user name, click Deactivate, and confirm that you want to deactivate the account.

  4. To enable a user account that you have already deactivated, click the radio button next to the user name, and click Enable.

Delete a User

You can remove a user from the Cyfuture Cloud Console organization by deleting the user account.

Prerequisites

  • This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.
  • Deactivate the account that you want to delete.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. Click the radio button next to the name of the user that you want to delete and click Delete.

  4. To confirm that you want to delete the user account, click OK.

Unlock a Locked Out User Account

If you have enabled a lockout policy in your Cyfuture Cloud Console organization, a user account is locked after a certain number of invalid login attempts. You can unlock the locked user account. As a best practice, change the password of the user and unlock the account.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel, under Access Control, click Users. The list of users appears.

  3. Click the radio button next to the user name, and click Unlock.

Manage the Resource Quotas of a User

You can manage the overall resource consumption limit of a user. You can add, edit, and remove the user's quotas on VMs, Tanzu Kubernetes clusters, CPU, memory, or storage.

Users can see the quotas relevant only to their user type. Users inherit quotas from the group they belong to. If a user inherits a resource quota from their group and has an explicit user-level quota defined for that resource, then the user-level quota takes priority over the group-level quota.

For information about creating or importing users, see Create a User or Import Users.

Prerequisites

Verify that you have the necessary rights to add, edit, and delete resource quotas. By default, Organization administrators can change the quotas of users.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Users.

  3. Select the name of a user and select the Quotas tab.

    Users do not have any quotas by default. All users that belong to a group inherit the group's quotas. If the user belongs to a group that has a quota on resources, the quota appears in the user's list of quotas as not editable.

  4. Click Edit.

  5. Modify the quota for the selected user.

You can add, edit, or remove quotas on the number of Tanzu Kubernetes clusters, all or running VMs managed by the user, consumed CPU, memory, and storage. Select Unlimited if you want the user to have unlimited resources of the selected type.

  6. Click Save.

Managing Groups

If you have a valid connection to an LDAP server or have enabled your organization to use a SAML identity provider, you can import an LDAP group or a SAML group. You can also edit or delete an imported group.

Import a Group

To add a group of users, you can import an LDAP group or a SAML group.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Verify that you have a valid connection to an LDAP server or that you have enabled your organization to use a SAML identity provider. See Enable Your Organization to Use a SAML Identity Provider.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Groups. The list of user groups appears.

  3. Click Import Group.

  4. Select a source from which you want to import the user group.

You can only view the source LDAP server or SAML server that you configured as identity provider.

Source    Action

LDAP
    Import a user group from an LDAP server.

    a. Enter a full or partial name in the text box and click Search.

    b. Select the user groups that you want to import and click Add.

SAML
    Import user groups from a SAML server. Enter the names of the groups that you want to import.

    Use a new line for each group name.

  5. Select the role which you want to assign to the group of users that you import.

  6. Click Save.

What to do next

If you enabled quotas configuration for the group and Cyfuture Cloud Console redirects you to the Quotas page, see Manage the Resource Quotas of a Group.

Delete a Group

You can remove a group from your Cyfuture Cloud Console organization by deleting their LDAP group.

When you delete an LDAP group, users who have a Cyfuture Cloud Console account based solely on their membership in that group are stranded and cannot log in.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Groups. The list of user groups appears.

  3. Click the radio button next to the name of the group that you want to delete, and click Delete.

  4. To confirm that you want to delete the group, click OK.

Edit a Group

You can edit a group from the Cyfuture Cloud Console tenant portal.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Groups. The list of user groups appears.

  3. Click the radio button next to the name of the group that you want to edit, and click Edit.

  4. Edit the group as necessary.

    a. Change the description.

    b. Change the role of the members of the group as necessary.

  5. Click Save.

Manage the Resource Quotas of a Group

By directly setting a quota on a group, you can manage the overall resource consumption limit of each user in it. You can add, edit, and remove the group's quotas on VMs, Tanzu Kubernetes clusters, CPU, memory, or storage. Quotas of the group are applied to each member of the group.

Users inherit quotas from the group they belong to. If a user inherits a resource quota from their group and has an explicit user-level quota defined for that resource, then the user-level quota takes priority over the group-level quota.
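The inheritance rule above (group quotas apply to every member, an explicit user-level quota wins for that resource, inherited quotas show as not editable) is easy to get wrong when it is re-implemented in automation that provisions workloads against quota. The following is an added example, not Cyfuture Cloud Console code: it resolves a user's effective quotas from constructed group and user quota tables and checks a requested allocation against them. The resource key names, the UNLIMITED sentinel and the function names are assumptions.

```python
"""Effective quota resolution for a user, following the rule on this page: a
user inherits the quotas of their group, and an explicit user-level quota for
a resource takes priority over the group-level one.  Added example, not
Cyfuture Cloud Console code; resource keys, the UNLIMITED sentinel and the
function names are assumptions, and all quota values are constructed."""
from __future__ import annotations

UNLIMITED = "Unlimited"  # the "Unlimited" choice on the Quotas page

# Resource types the Quotas page offers (key names are assumptions).
RESOURCES = ("tkg_clusters", "all_vms", "running_vms", "cpu", "memory", "storage")


def effective_quotas(user_quotas: dict[str, object],
                     group_quotas: dict[str, object]) -> dict[str, dict]:
    """Return, per resource, the limit that applies and where it came from.

    Inherited limits are reported as not editable, matching how the tenant
    portal shows group quotas in a user's quota list.  Resources with no quota
    at either level are omitted, because users have no quotas by default.
    """
    resolved: dict[str, dict] = {}
    for res in RESOURCES:
        if res in user_quotas:                   # user-level quota takes priority
            resolved[res] = {"limit": user_quotas[res], "source": "user", "editable": True}
        elif res in group_quotas:                # otherwise inherit from the group
            resolved[res] = {"limit": group_quotas[res], "source": "group", "editable": False}
    return resolved


def would_exceed(resolved: dict[str, dict], usage: dict[str, int],
                 request: dict[str, int]) -> list[str]:
    """List the resources whose effective limit the request would push past.

    A resource with no quota at all, or an Unlimited quota, never blocks.
    """
    blocked: list[str] = []
    for res, amount in request.items():
        entry = resolved.get(res)
        if entry is None or entry["limit"] == UNLIMITED:
            continue
        if usage.get(res, 0) + amount > entry["limit"]:
            blocked.append(res)
    return blocked


# Constructed data: a group-level quota set and one explicit user-level override.
GROUP_QUOTAS = {"running_vms": 10, "storage": 500, "cpu": UNLIMITED}
USER_QUOTAS = {"running_vms": 2}

if __name__ == "__main__":
    q = effective_quotas(USER_QUOTAS, GROUP_QUOTAS)
    for res, entry in q.items():
        print(f"{res:12} limit={entry['limit']!s:10} source={entry['source']:5} editable={entry['editable']}")
    # The user already runs 2 VMs; one more exceeds the user-level limit of 2.
    print("blocked:", would_exceed(q, {"running_vms": 2, "storage": 100},
                                   {"running_vms": 1, "storage": 50}))
```

Note that the user-level override of 2 running VMs is stricter than the group's 10; the rule is "user-level wins", not "the larger limit wins", so automation should never fall back to the group value when a user value exists.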

For information about importing groups, see Import a Group.

Prerequisites

Verify that you have the necessary rights to add, edit, and delete resource quotas. By default, Organization administrators can change the quotas of groups.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Groups.

  3. Select the name of a group and select the Quotas tab.

Groups do not have any quotas by default. All users that belong to a group inherit the group's quotas. If the user belongs to a group that has a quota on resources, the quota appears in the user's list of quotas as not editable.

  4. Click Edit.

  5. Modify the quota for the selected group.

You can add, edit, or remove quotas on the number of Tanzu Kubernetes clusters, all or running VMs managed by the group, consumed CPU, memory, and storage. Select Unlimited if you want the group of users to have unlimited resources of the selected type.

  6. Click Save.

Roles and Rights

Cyfuture Cloud Console uses roles and rights to determine what actions a user can perform in an organization. Cyfuture Cloud Console includes a number of predefined roles with specific rights.

System administrators and organization administrators must assign each user or group a role. The same user can have a different role in different organizations. System administrators can create roles and modify existing ones for the whole system, while organization administrators can create and modify roles only for the organization that they administer.

The Cyfuture Cloud Console tenant portal allows organization administrators to manage the roles in their organization. If a system administrator publishes one or more predefined tenant roles to your organization, as an organization administrator you can see these roles, but you cannot modify them. You can, however, create custom tenant roles with similar rights and assign them to the users within your organization.

For information about the predefined roles and their rights, see Predefined Roles and Their Rights.

Predefined Roles and Their Rights

Each Cyfuture Cloud Console predefined role contains a default set of rights required to perform operations included in common workflows. By default, all predefined global tenant roles are published to every organization in the system.

Predefined Provider Roles

By default, the provider roles that are local only to the provider organization are the System Administrator and Multisite System roles. System administrators can create additional custom provider roles.

System Administrator

The System Administrator role exists only in the provider organization. The System Administrator role includes all rights in the system. For a list of rights available only to the System Administrator role, see the Cyfuture Cloud Console Service Provider Admin Portal Guide. The System Administrator credentials are established during installation and configuration. A System Administrator can create additional system administrator and user accounts in the provider organization.

Multisite System

Used for running the heartbeat process for multisite deployments. This role has a single right, Multisite: System Operations, which grants permission to make a Cloud Console OpenAPI request that retrieves the status of the remote member of a site association.

Predefined Global Tenant Roles

By default, the predefined global tenant roles and the rights they contain are published to all organizations. System Administrators can unpublish rights and global tenant roles from individual organizations. System Administrators can edit or delete predefined global tenant roles. System administrators can create and publish additional global tenant roles.

Organization Administrator

After creating an organization, a System Administrator can assign the role of Organization Administrator to any user in the organization. A user with the predefined Organization Administrator role can manage users and groups in their organization and assign them roles, including the predefined Organization Administrator role. Roles created or modified by an Organization Administrator are not visible to other organizations.

Catalog Author

The rights associated with the predefined Catalog Author role allow a user to create and publish catalogs.

vApp Author

The rights associated with the predefined vApp Author role allow a user to use catalogs and create vApps.

vApp User

The rights associated with the predefined vApp User role allow a user to use existing vApps.

Console Access Only

The rights associated with the predefined Console Access Only role allow a user to view virtual machine state and properties and to use the guest OS.

Defer to Identity Provider

Rights associated with the predefined Defer to Identity Provider role are determined based on information received from the user's OAuth or SAML Identity Provider. To qualify for inclusion when a user or group is assigned the Defer to Identity Provider role, a role or group name supplied by the Identity Provider must be an exact, case-sensitive match for a role or group name defined in your organization.

  • If an OAuth Identity Provider defines the user, the user is assigned the roles named in the roles array of the user's OAuth token.

  • If a SAML Identity Provider defines the user, the user is assigned the roles named in the SAML attribute whose name appears in the RoleAttributeName element, which is in the SamlAttributeMapping element in the organization's OrgFederationSettings.

If a user is assigned the Defer to Identity Provider role but no matching role or group name is available in your organization, the user can log in to the organization but has no rights. If an Identity Provider associates a user with a system-level role such as System Administrator, the user can log in to the organization but has no rights. You must manually assign a role to such users.
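The matching rules above are strict: a name from the identity provider grants a role only on an exact, case-sensitive match with a role or group name in the organization, a system-level role name grants nothing, and a user with no match can log in but has no rights. The following added example, which is not Cyfuture Cloud Console code, shows that resolution over constructed inputs: the roles array of a JWT-shaped OAuth token and the values of the SAML attribute named by RoleAttributeName. The organization's role and group tables, the system-level role list, the unsigned token builder and all function names are assumptions.

```python
"""Role resolution for a user who holds the predefined Defer to Identity
Provider role, following the matching rules stated on this page.  Added
example, not Cyfuture Cloud Console code: ORG_ROLES, ORG_GROUPS,
SYSTEM_LEVEL_ROLES, the function names and the unsigned token format are
assumptions, and every input is constructed."""
from __future__ import annotations
import base64
import json

# Roles defined in the organization: the predefined global tenant roles plus an assumed custom role.
ORG_ROLES = {"Organization Administrator", "Catalog Author", "vApp Author",
             "vApp User", "Console Access Only", "Read-Only Auditor"}
# Imported groups and the role each group was assigned at import time (assumed).
ORG_GROUPS = {"Developers": "vApp Author", "Helpdesk": "Console Access Only"}
# System-level roles: a name matching one of these yields no rights in the organization.
SYSTEM_LEVEL_ROLES = {"System Administrator", "Multisite System"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment whose padding was stripped, as JWT segments are."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def roles_from_oauth_token(token: str) -> list[str]:
    """Return the 'roles' array from the payload of a JWT-shaped OAuth token.

    Signature verification is assumed to have happened before this point; only
    the payload segment is read here, and non-string entries are ignored.
    """
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    return [r for r in payload.get("roles", []) if isinstance(r, str)]


def roles_from_saml_attributes(attributes: dict[str, list[str]],
                               role_attribute_name: str) -> list[str]:
    """Return the values of the SAML attribute named by RoleAttributeName."""
    return list(attributes.get(role_attribute_name, []))


def resolve_deferred_roles(idp_names: list[str]) -> list[str]:
    """Map identity-provider supplied names to organization roles.

    A name counts only if it is an exact, case-sensitive match for a role name
    (granting that role) or a group name (granting the group's role).
    System-level role names and anything else are dropped; an empty result
    means the user can log in but has no rights until an administrator assigns
    a role manually.
    """
    granted: list[str] = []
    for name in idp_names:
        if name in SYSTEM_LEVEL_ROLES:
            continue
        if name in ORG_ROLES:
            role = name
        elif name in ORG_GROUPS:
            role = ORG_GROUPS[name]
        else:
            continue          # wrong case, stray whitespace or an unknown name: no match
        if role not in granted:
            granted.append(role)
    return granted


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned JWT-shaped token for this demonstration only;
    a real token is verified before its roles are trusted."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(payload)}."


if __name__ == "__main__":
    token = make_unsigned_token({"sub": "jdoe", "roles": ["vapp author", "Developers", "System Administrator"]})
    print(resolve_deferred_roles(roles_from_oauth_token(token)))             # ['vApp Author']
    saml = {"Role": ["Catalog Author ", "Read-Only Auditor"]}
    print(resolve_deferred_roles(roles_from_saml_attributes(saml, "Role")))  # ['Read-Only Auditor']
```

In the OAuth case only "Developers" produces a role: "vapp author" fails the case-sensitive comparison and "System Administrator" is a system-level name. In the SAML case the trailing space in "Catalog Author " is enough to break the match, which is the kind of silent no-rights outcome worth checking in the identity provider's attribute mapping before rolling this role out.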

Except for the Defer to Identity Provider role, each predefined role includes a set of default rights. Only a System Administrator can modify the rights in a predefined role. If a System Administrator modifies a predefined role, the modifications propagate to all instances of the role in the system.

Rights in Predefined Global Tenant Roles

Various rights are common to multiple predefined global roles. These rights are granted by default to all new organizations, and are available for use in other roles created by the Organization Administrator. For a list of the rights in predefined tenant roles, see Rights in Predefined Global Tenant Roles.

Rights in Predefined Global Tenant Roles

Various rights are common to multiple predefined global roles. These rights are granted by default to all new organizations, and are available for use in other roles created by the Organization Administrator.

Rights Included in the Global Tenant Roles in Cyfuture Cloud Console

[Table columns: New in this release; Right Name; Organization Administrator; Catalog Author; vApp Author; vApp User; Console Access Only. The per-role marks and the new-in-this-release marks are not available in this copy; only the right names follow.]

Right Name

Access All Organization VDCs
Catalog: Add vApp from My Cloud
Catalog: Change Owner
Catalog: CLSP Publish Subscribe
Catalog: Create / Delete a Catalog
Catalog: Edit Properties
Catalog: Publish
Catalog: Sharing
Catalog: View ACL
Catalog: View Private and Shared Catalogs
Catalog: View Published Catalogs
Custom entity: View all custom entity instances in org
Custom entity: View custom entity instance
Disk: Change Owner
Disk: Create
Disk: Delete
Disk: Edit Properties
Disk: View Encryption Status
Disk: View Properties
General: Administrator Control
General: Administrator View
General: Send Notification
Group / User: View
Hybrid Cloud Operations: Acquire control ticket
Hybrid Cloud Operations: Acquire from-the-cloud tunnel ticket
Hybrid Cloud Operations: Acquire to-the-cloud tunnel ticket
Hybrid Cloud Operations: Create from-the-cloud tunnel
Hybrid Cloud Operations: Create to-the-cloud tunnel
Hybrid Cloud Operations: Delete from-the-cloud tunnel
Hybrid Cloud Operations: Delete to-the-cloud tunnel
Hybrid Cloud Operations: Update from-the-cloud tunnel endpoint tag
Hybrid Cloud Operations: View from-the-cloud tunnel
Hybrid Cloud Operations: View to-the-cloud tunnel
Organization Network: Edit Properties
Organization Network: View
Organization vDC Compute Policy: View
Organization vDC Distributed Firewall: Configure Rules
Organization vDC Distributed Firewall: View Rules
Organization vDC Gateway: Configure DHCP
Organization vDC Gateway: Configure DNS
Organization vDC Gateway: Configure ECMP Routing
Organization vDC Gateway: Configure Firewall
Organization vDC Gateway: Configure IPSec VPN
Organization vDC Gateway: Configure Load Balancer
Organization vDC Gateway: Configure NAT
Organization vDC Gateway: Configure Static Routing
Organization vDC Gateway: Configure Syslog
Organization vDC Gateway: Convert to Advanced Networking
Organization vDC Gateway: View
Organization vDC Gateway: View DHCP
Organization vDC Gateway: View DNS
Organization vDC Gateway: View Firewall
Organization vDC Gateway: View IPSec VPN
Organization vDC Gateway: View Load Balancer
Organization vDC Gateway: View NAT
Organization vDC Gateway: View Static Routing
Organization vDC Network: Edit Properties
Organization vDC Network: View Properties
Organization vDC Storage Policy: View Capabilities
Organization vDC Storage Profile: Set Default
Organization vDC: Edit
Organization vDC: Edit ACL
Organization vDC: Manage Firewall
Organization vDC: View
Organization vDC: View ACL
Organization VDC: view metrics
Organization vDC: VM-VM Affinity Edit
Organization: Edit Association Settings
Organization: Edit Federation Settings
Organization: Edit LDAP Settings
Organization: Edit Leases Policy
Organization: Edit OAuth Settings
Organization: Edit Password Policy
Organization: Edit Properties
Organization: Edit Quotas Policy
Organization: Edit SMTP Settings
Organization: Import User/Group from IdP while Editing VDC ACL
Organization: View
Organization: view metrics
Quota Policy Capabilities: View
Role: Create, Edit, Delete, or Copy
Service Library: View service libraries
UI Plugins: View
vApp Template / Media: Copy
vApp Template / Media: Create / Upload
vApp Template / Media: Edit
vApp Template / Media: View
vApp Template: Change Owner
vApp Template: Checkout
vApp Template: Download
vApp: Change Owner
vApp: Copy
vApp: Create / Reconfigure
vApp: Delete
vApp: Download
vApp: Edit Properties
vApp: Edit VM Compute Policy
vApp: Edit VM CPU
vApp: Edit VM Hard Disk
vApp: Edit VM Memory
vApp: Edit VM Network
vApp: Edit VM Properties
vApp: Manage VM Password Settings
vApp: Power Operations
vApp: Sharing
vApp: Snapshot Operations
vApp: Upload
vApp: Use Console
vApp: View ACL
vApp: View VM and VM's Disks Encryption Status
vApp: View VM metrics
vApp: VM Boot Options
vApp: VM Metadata to VMWare vCenter
VDC Group: Configure
VDC Group: View
VDC Group: Configure Logging
VDC Template: Instantiate
VDC Template: View

Create a Custom Tenant Role

Organization administrators can use the tenant portal to create custom tenant role objects in the organizations they administer.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Roles. The list of roles appears.

  3. Click Add.

  4. Enter a name and, optionally, a description of the role.

  5. Expand the rights for the role and select the rights for the role.

The rights are grouped in categories and subcategories that allow either viewing or managing objects.

Option    Description

Access Control
    Rights controlling the access to view and manage certain objects.

Administration
    Rights controlling the administrative access.

Compute
    Rights controlling access and management of the organization and provider virtual data centers, the vApps, organization virtual data center templates, virtual machine groups, and virtual machine monitoring.

Extensions
    Rights controlling the access to any additional plug-ins and Cyfuture Cloud Console extensions.

Infrastructure
    Rights controlling the access and management of the infrastructure objects, such as datastores, disks, hosts, and so on.

Libraries
    Rights controlling access and management of any catalogs and catalog items.

Networking
    Rights controlling access and management of the network settings.

6. Click Save.
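The rules that govern custom tenant roles are spread across this chapter: rights are grouped by category, a system administrator decides which rights are published to an organization, an organization administrator can assemble a custom role only from those rights, and a published global tenant role is read-only from the tenant side. The following is an added example, not Cyfuture Cloud Console code, that models those rules so that a role definition kept in automation can be validated before it is applied through the portal. The right names come from the rights table on this page; the category assignment, the class and function names, and the constructed organization are assumptions.

```python
"""A model of the role-and-rights rules described in this chapter: rights are
grouped in categories, an organization holds the rights its system
administrator published to it, an organization administrator may build a
custom tenant role only from those rights, and a published global tenant role
cannot be edited from the tenant side.  Added example, not Cyfuture Cloud
Console code; right names are from the rights table on this page, while the
category assignment, class and function names are assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field

# Right -> category, using the categories shown in step 5 (the assignment is an assumption).
RIGHT_CATEGORY = {
    "Group / User: View": "Access Control",
    "Role: Create, Edit, Delete, or Copy": "Administration",
    "vApp: Create / Reconfigure": "Compute",
    "vApp: Power Operations": "Compute",
    "vApp: Use Console": "Compute",
    "Catalog: View Published Catalogs": "Libraries",
    "Catalog: Publish": "Libraries",
    "Organization vDC Gateway: Configure Firewall": "Networking",
}


class RoleError(ValueError):
    """Raised when a role cannot be created or changed under the tenant rules."""


@dataclass(frozen=True)
class Role:
    name: str
    rights: frozenset[str]
    global_tenant_role: bool = False  # published by the system administrator; read-only for the tenant


@dataclass
class Organization:
    name: str
    published_rights: set[str]                  # rights the system administrator published here
    roles: dict[str, Role] = field(default_factory=dict)

    def _check_published(self, rights: set[str]) -> None:
        missing = sorted(r for r in rights if r not in self.published_rights)
        if missing:
            raise RoleError(f"rights not published to {self.name}: {missing}")

    def create_custom_role(self, name: str, rights: set[str]) -> Role:
        """Create a custom tenant role; every right must be published to this organization."""
        if name in self.roles:
            raise RoleError(f"role {name!r} already exists in {self.name}")
        self._check_published(rights)
        self.roles[name] = Role(name, frozenset(rights))
        return self.roles[name]

    def edit_role(self, name: str, rights: set[str]) -> Role:
        """Replace the rights of a custom role; global tenant roles are rejected."""
        if self.roles[name].global_tenant_role:
            raise PermissionError(f"{name!r} is a global tenant role and cannot be edited here")
        self._check_published(rights)
        self.roles[name] = Role(name, frozenset(rights))
        return self.roles[name]

    def rights_by_category(self, role_name: str) -> dict[str, list[str]]:
        """Group a role's rights the way the Add/Edit Role form presents them."""
        grouped: dict[str, list[str]] = {}
        for right in sorted(self.roles[role_name].rights):
            grouped.setdefault(RIGHT_CATEGORY.get(right, "Other"), []).append(right)
        return grouped

    def has_right(self, role_name: str, right: str) -> bool:
        """The authorization question every operation reduces to."""
        return right in self.roles[role_name].rights


def demo_org() -> Organization:
    """Constructed organization: all listed rights published except gateway firewall configuration."""
    org = Organization("tenant-a", set(RIGHT_CATEGORY) - {"Organization vDC Gateway: Configure Firewall"})
    org.roles["vApp User"] = Role("vApp User",
                                  frozenset({"vApp: Power Operations", "vApp: Use Console"}),
                                  global_tenant_role=True)
    return org


if __name__ == "__main__":
    org = demo_org()
    role = org.create_custom_role("Console Operator", {"vApp: Use Console", "Group / User: View"})
    print(org.rights_by_category(role.name))
    for attempt in (lambda: org.create_custom_role("Net Admin", {"Organization vDC Gateway: Configure Firewall"}),
                    lambda: org.edit_role("vApp User", {"vApp: Use Console"})):
        try:
            attempt()
        except (RoleError, PermissionError) as exc:
            print("rejected:", exc)
```

The two rejected attempts are the cases that matter for least privilege: a custom role cannot smuggle in a right the provider withheld from the organization, and the tenant cannot widen a predefined global role, so any change to those propagates only through the system administrator.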

Edit a Custom Tenant Role

Organization administrators can use the tenant portal to edit custom tenant role objects in the organizations they administer. As an organization administrator you can only view the global tenant roles that a system administrator has published to your organization. You cannot edit global tenant roles.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Roles. The list of roles appears.

  3. Click the radio button next to the role that you want to edit, and click Edit.

  4. Modify the role settings as needed.

    a. Change the name and, optionally, the description of the role.

    b. Edit the rights for the role.

  5. Click Save.

Delete a Role

Organization administrators can use the tenant portal to delete role objects in the organizations they administer.

Prerequisites

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Procedure

  1. In the top navigation bar, click Administration.

  2. In the left panel under Access Control, click Roles. The list of roles appears.

  3. Click the radio button next to the role that you want to delete, and click Delete.

  4. Confirm that you want to delete the role by clicking OK.

 

