DevTest Users complain that other users with access to the box are able to view and delete their mar files. Need some assistance in putting isolation between the teams and have a mechanism to have allowed list of NT ids at the mar file level.
Please suggest what we can do to put these mechanisms in place.
Release : 10.7 and above
Resource groups are one or more DevTest Servers or VSEs. Define resource groups to determine the resources that a user or a project can access.
If you have a small environment, such as a site that has a local registry and a VSE, you must set up resource groups to control access such as restricting VSE-specific access. However, you may want to set up Resource Groups to limit the access between your Production and your Development group.
The Super User role should not be assigned to any Resource Groups, since it needs access to all resources.
You should only create Resource Groups for those users that need the limited access.
This example of for use with 3 VSEs with the role of SV Power.
Create 3 VSEs as per the KB- https://knowledge.broadcom.com/external/article/234858/how-to-run-multiple-vse-simulator-coordi.html
Create 3 new roles in IAM.
In the Portal, Create 3 Resource Groups:
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.
In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory.
In IAM, once the LDAP groups are added, you would map the Roles for those particular groups
Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.