Sailaja Mada created CLOUDSTACK-5030:
----------------------------------------
Summary: [Doc] Document the Procedure to create custom role in
vCenter for CloudPlatform
Key: CLOUDSTACK-5030
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5030
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Doc
Affects Versions: 4.2.1
Reporter: Sailaja Mada
Steps:
Procedure to create custom role in vCenter for CloudPlatform is described below:
Requirement
Elaborate minimal permissions required for a user account to be used by
CloudPlatform.
Background
To manage VMware deployments, CloudPlatform needs a role with, at minimum,
permissions to manage the following infrastructure resources:
Manage cluster/host
Manage datastore/disks/files
Manage port groups
Manage dvPort groups
Manage templates
Import appliance
Export a template
Manage VM
Manage snapshot of VM
Manage custom field
Solution
Hence the idea is to create a role with the above required minimal permissions and
assign this custom role to the user designated to be used by CloudPlatform.
For a more robust implementation, the permissions could be divided into 2
roles, where each role (mapped to a user) is added to the relevant object in
the vCenter infrastructure.
Global role
This is for custom attribute management - A user with this role would be
added to the vCenter object WITHOUT propagation to child objects.
Datacenter role
This is for datacenter management - A user with this role would be added
to each Datacenter object, WITH propagation to child objects, to be managed
by this user.
The detailed list of granular permissions to be added to the global role to be
used for CloudPlatform is below.
Global.Manage custom attributes
Global.set custom attributes
The detailed list of granular permissions to be added to the datacenter role to be
used for CloudPlatform is below.
Datastore.AllocateSpace
Datastore.Browse
Datastore.Configure
Datastore.Remove file
Datastore.FileManagement (Low level file operations and Update virtual machine files)
dvPort group.Create
dvPort group.Modify
dvPort group.Policy
dvPort group.Delete
Folder.Create folder
Folder.Delete folder
Network.Assign
Network.Configure
Network.Remove
Resource.HotMigrate (Migrate powered on vm)
Resource.ColdMigrate (Migrate powered off vm)
Resource.Assign virtualmachine to resource pool
Resource.Assign vApp to resource pool
Sessions.Validatesession
Host.Configuration.Connection
Host.Configuration.Security profile and firewall
Host.Configuration.Maintenance
Host.Configuration.Storage partition configuration
Host.Configuration.SystemManagement
Host.LocalOperations.Create Virtual Machine
Host.LocalOperations.Delete Virtual Machine
Host.LocalOperations.Reconfigure Virtual Machine
Host.LocalOperations.Relayout Snapshots
vApp.Export
vApp.Import
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AdvancedConfig
Virtualmachine.Configuration.Add or remove device
Virtualmachine.Configuration.Change CPU Count
Virtualmachine.Configuration.Change Resource
Virtualmachine.Configuration.Extend Disk
Virtualmachine.Configuration.Memory
Virtualmachine.Configuration.Modify Device Setting
Virtualmachine.Configuration.Reload from path
Virtualmachine.Configuration.Rename
Virtualmachine.Configuration.Remove disk
Virtualmachine.Configuration.Set annotation
Virtualmachine.Configuration.Settings
Virtualmachine.Interaction.Answer question
Virtualmachine.Interaction.Power Off
Virtualmachine.Interaction.Power On
VirtualMachine.Interaction.Reset
Virtualmachine.Interaction.VMware Tools install
VirtualMachine.Inventory.Create (New and from existing)
VirtualMachine.Inventory.Register
VirtualMachine.Inventory.Unregister
VirtualMachine.Inventory.Remove
VirtualMachine.Inventory.Move
Virtualmachine.Provisioning.Allow file access
Virtualmachine.Provisioning.Allow file upload
Virtualmachine.Provisioning.Allow file download
Virtualmachine.Provisioning.Mark as template
Virtualmachine.Provisioning.Clone template
Virtualmachine.Provisioning.Clone virtualmachine
Virtualmachine.Provisioning.Deploy template
Virtualmachine.Provisioning.Create template from virtual machine
Virtualmachine.State.Create snapshot
Virtualmachine.State.Remove Snapshot
Virtualmachine.State.Revert to snapshot
vSphereDistributedSwitch.Policy operation
vSphereDistributedSwitch.Port configuration operation
vSphereDistributedSwitch.Port setting
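An added example, not part of the original issue: a Python check that audits permission assignments against the two-role split described above (global role on the vCenter object without propagation, datacenter role on each Datacenter with propagation) and reports privilege drift. The role labels, the account, vCenter and datacenter names, and the sample data are constructed assumptions, and the datacenter entry in `REQUIRED` holds only the Datastore excerpt of the issue's list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    role: str          # "global" or "datacenter" (hypothetical labels for the two roles)
    entity_type: str   # "vCenter" (root object) or "Datacenter"
    entity: str
    propagate: bool

# Placement rules from the text: role -> (object type, propagate to children).
PLACEMENT = {"global": ("vCenter", False), "datacenter": ("Datacenter", True)}

# Privilege names as written in the issue; "datacenter" is the Datastore excerpt only.
REQUIRED = {
    "global": {"Global.Manage custom attributes", "Global.set custom attributes"},
    "datacenter": {"Datastore.AllocateSpace", "Datastore.Browse",
                   "Datastore.Configure", "Datastore.Remove file"},
}

def norm(name):
    # The issue's list mixes case and spacing, so compare in a normalized form.
    return "".join(name.lower().split())

def audit(assignments, granted, datacenters):
    """Return sorted findings for misplaced roles and privilege drift."""
    findings = []
    for a in assignments:
        want_type, want_prop = PLACEMENT[a.role]
        if a.entity_type != want_type:
            findings.append(f"{a.role} role on {a.entity_type} {a.entity}: expected {want_type}")
        if a.propagate != want_prop:
            findings.append(f"{a.role} role on {a.entity}: propagate should be {want_prop}")
    covered = {a.entity for a in assignments
               if a.role == "datacenter" and a.entity_type == "Datacenter"}
    findings += [f"datacenter {d}: no datacenter role assigned" for d in datacenters - covered]
    for role, privs in granted.items():
        have, need = {norm(p) for p in privs}, {norm(p) for p in REQUIRED[role]}
        findings += [f"{role} role: excess privilege {p}" for p in have - need]
        findings += [f"{role} role: missing privilege {p}" for p in need - have]
    return sorted(findings)

# Constructed sample: global role wrongly propagated, DC2 uncovered, one extra privilege.
SAMPLE_ASSIGNMENTS = [
    Assignment("global", "vCenter", "vc01", True),
    Assignment("datacenter", "Datacenter", "DC1", True),
]
SAMPLE_GRANTED = {
    "global": {"Global.Manage custom attributes", "Global.Set Custom Attributes"},
    "datacenter": {"Datastore.AllocateSpace", "Datastore.Browse",
                   "Datastore.Configure", "Permissions.Modify permission"},
}
```

Calling `audit(SAMPLE_ASSIGNMENTS, SAMPLE_GRANTED, {"DC1", "DC2"})` returns one finding per deviation; an empty list means the assignments match the split and the listed privileges exactly.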