[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-5030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radhika Nair resolved CLOUDSTACK-5030.
--------------------------------------

    Resolution: Fixed

> [Doc] Document the Procedure to create custom role in vCenter for CloudStack
> ----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5030
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5030
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Doc
>    Affects Versions: 4.2.1
>            Reporter: Sailaja Mada
>            Assignee: Radhika Nair
>              Labels: doc
>             Fix For: 4.2.1
>
>         Attachments: CustomRolesinvCenter.html
>
>
> Steps:
> Procedure to create custom role in vCenter for CloudPlatform is described 
> below:
> Requirement
> Elaborate minimal permissions required for a user account to be used by 
> CloudPlatform.
> Background
> To manage VMware deployments, CloudPlatform needs permissions for the role to 
> manage infrastructure resources at a minimum, i.e.,
>     Manage cluster/host
>     Manage datastore/disks/files
>     Manage port groups
>     Manage dvPort groups
>     Manage templates
>     Import appliance
>     Export a template
>     Manage VM
>     Manage snapshot of VM
>     Manage custom field
> Solution
> Hence the idea is to create a role with above required minimal permissions 
> and assign this custom role to the user designated to be used by 
> CloudPlatform.
> For a more robust implementation of this, the permissions could be divided into 
> 2 roles, where each role (mapped with a user) is added to the relevant object 
> in the vCenter infrastructure.
>     Global role
>         This is for custom attribute management - User with this role would 
> be added to vCenter object WITHOUT propagation to child objects.
>     Datacenter role
>         This is for datacenter management - User with this role would be 
> added to each of Datacenter object, WITH propagation to child objects, to be 
> managed by this user.
>  
> Detailed list of granular permissions to be added to the global role to be 
> used for CloudPlatform is below.
>     Global.Manage custom attributes
>     Global.set custom attributes 
> Detailed list of granular permissions to be added to the datacentre role to 
> be used for CloudPlatform is below. 
>     Datastore.AllocateSpace
>     Datastore.Browse
>     Datastore.Configure
>     Datastore.Remove file
>     Datastore.FileManagement (Low level file operations and Update virtual 
> machine files)
>     dvPort group.Create
>     dvPort group.Modify
>     dvPort group.Policy
>     dvPort group.Delete
>     Folder.Create folder 
>     Folder.Delete folder
>     Network.Assign
>     Network.Configure
>     Network.Remove
>     Resource.HotMigrate (Migrate powered on vm)
>     Resource.ColdMigrate (Migrate powered off vm)
>     Resource.Assign virtualmachine to resource pool
>     Resource.Assign vApp to resource pool
>     Sessions.Validatesession
>     Host.Configuration.Connection
>     Host.Configuration.Security profile and firewall
>     Host.Configuration.Maintenance
>     Host.Configuration.Storage partition configuration
>     Host.Configuration.SystemManagement
>     Host.LocalOperations.Create Virtual Machine
>     Host.LocalOperations.Delete Virtual Machine
>     Host.LocalOperations.Reconfigure Virtual Machine
>     Host.LocalOperations.Relayout Snapshots
>     vApp.Export
>     vApp.Import
>     VirtualMachine.Config.AddExistingDisk
>     VirtualMachine.Config.AddNewDisk
>     VirtualMachine.Config.AdvancedConfig
>     Virtualmachine.Configuration.Add or remove device
>     Virtualmachine.Configuration.Change CPU Count
>     Virtualmachine.Configuration.Change Resource
>     Virtualmachine.Configuration.Extend Disk
>     Virtualmachine.Configuration.Memory
>     Virtualmachine.Configuration.Modify Device Setting
>     Virtualmachine.Configuration.Reload from path
>     Virtualmachine.Configuration.Rename
>     Virtualmachine.Configuration.Remove disk
>     Virtualmachine.Configuration.Set annotation
>     Virtualmachine.Configuration.Settings
>     Virtualmachine.Interaction.Answer question
>     Virtualmachine.Interaction.Power Off
>     Virtualmachine.Interaction.Power On
>     VirtualMachine.Interaction.Reset
>     Virtualmachine.Interaction.VMware Tools install
>     VirtualMachine.Inventory.Create (New and from existing)
>     VirtualMachine.Inventory.Register
>     VirtualMachine.Inventory.Unregister
>     VirtualMachine.Inventory.Remove
>     VirtualMachine.Inventory.Move
>     Virtualmachine.Provisioning.Allow file access
>     Virtualmachine.Provisioning.Allow file upload
>     Virtualmachine.Provisioning.Allow file download
>     Virtualmachine.Provisioning.Mark as template
>     Virtualmachine.Provisioning.Clone template
>     Virtualmachine.Provisioning.Clone virtualmachine
>     Virtualmachine.Provisioning.Deploy template
>     Virtualmachine.Provisioning.Create template from virtual machine
>     Virtualmachine.Provisioning.Mark as template
>     Virtualmachine.State.Create snapshot
>     Virtualmachine.State.Remove Snapshot
>     Virtualmachine.State.Revert to snapshot
>     vSphereDistributedSwitch.Policy operation
>     vSphereDistributedSwitch.Port configuration operation
>     vSphereDistributedSwitch.Port setting 



--
This message was sent by Atlassian JIRA
(v6.1#6144)
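
The two-role split described in the issue, sketched in VMware PowerCLI as an added example (not part of the original issue or the CloudStack documentation). The role names, service account and datacenter name are hypothetical, the privilege IDs are this example's mapping of some of the UI labels above to vSphere API IDs, and the datacenter role shows only a subset of the full list, which a real role would need complete.

```powershell
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.
$principal = 'EXAMPLE\svc-cloudstack'     # hypothetical service account
$managedDatacenters = 'DC1'               # hypothetical datacenter name(s)

function Get-PrivilegesOrFail([string[]]$Ids) {
    # Resolve every ID up front so a typo cannot silently produce a weaker role.
    $found = @(Get-VIPrivilege -Id $Ids -ErrorAction Stop)
    $missing = $Ids | Where-Object { $_ -notin $found.Id }
    if ($missing) { throw "Unknown privilege IDs: $($missing -join ', ')" }
    return $found
}

# Global role: custom attribute management only.
$globalIds = 'Global.ManageCustomFields', 'Global.SetCustomField'

# Datacenter role: SUBSET of the list in the issue, for illustration.
$dcIds = @(
    'Datastore.AllocateSpace', 'Datastore.Browse', 'Datastore.Config',
    'Datastore.DeleteFile', 'Datastore.FileManagement',
    'DVPortgroup.Create', 'DVPortgroup.Modify', 'DVPortgroup.PolicyOp',
    'DVPortgroup.Delete', 'Folder.Create', 'Folder.Delete',
    'Network.Assign', 'Network.Config', 'Network.Delete',
    'Resource.HotMigrate', 'Resource.ColdMigrate',
    'Resource.AssignVMToPool', 'Resource.AssignVAppToPool',
    'Sessions.ValidateSession', 'VApp.Export', 'VApp.Import',
    'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.Reset', 'VirtualMachine.State.CreateSnapshot',
    'VirtualMachine.State.RemoveSnapshot', 'VirtualMachine.State.RevertToSnapshot'
)

$globalRole = New-VIRole -Name 'CloudStack-Global' -Privilege (Get-PrivilegesOrFail $globalIds)
$dcRole     = New-VIRole -Name 'CloudStack-Datacenter' -Privilege (Get-PrivilegesOrFail $dcIds)

# Global role goes on the vCenter root object WITHOUT propagation, so it
# grants nothing on datacenters, clusters, hosts or VMs below it.
$root = Get-Folder -NoRecursion
New-VIPermission -Entity $root -Principal $principal -Role $globalRole -Propagate:$false

# Datacenter role goes on each managed datacenter WITH propagation.
foreach ($dc in Get-Datacenter -Name $managedDatacenters) {
    New-VIPermission -Entity $dc -Principal $principal -Role $dcRole -Propagate:$true
}

# Review the result: expect one non-propagating entry on the root folder and
# one propagating entry per datacenter, and no other entries for this account.
Get-VIPermission -Principal $principal | Select-Object Entity, Role, Propagate
```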
