Modifying roles and permissions for VMware vRealize Operations Manager 5.x
search cancel

Modifying roles and permissions for VMware vRealize Operations Manager 5.x

book

Article ID: 341105

calendar_today

Updated On:

Products

VMware VMware Aria Suite

Issue/Introduction

This article provides information on how to modify roles and permissions to vRealize Operations Manager (formerly known as vCenter Operations Manager), using a vCenter Server Role. For more detailed information, refer to the VMware vRealize Operations Manager Documentation site.

Note that there are two caveats that can be commonly encountered:
  1. For a user to log in to the vSphere web UI using this authentication method, it requires the account to have the vRealize Operations permission on all vCenter Servers attached to vRealize Operations Manager in the admin UI.

  2. You cannot have the exact same login/username in the vSphere UI (vCenter Authentication) and the custom UI (LDAP based). The login for the vSphere UI is exactly how it is presented to a vSphere Client, but the custom UI can use any LDAP value. Therefore if a user is added to both vSphere and custom, they need to remember the unique credentials for each site.


Resolution

Prerequisite

  • vRealize Operations Manager (formerly known as vCenter Operations Manager) must be registered to the vCenter Server in question, and you must have sufficient privileges to clone or modify an existing role.
  • When vRealize Operations Manager is registered to a vCenter, it adds some new permissions for a role to take.
Permissions

To grant permissions to a "Read Only" Role:

  1. Login to the vSphere Client, as an Administrator.
  2. From the Home page, select the Roles option.
  3. Right-click the Read-Only role, and choose Clone.
  4. Give the new role an appropriate name, like Read-Only+vCOps.
  5. Right-click the newly named role (in our example, Read-Only+vCOps), and choose Edit Role.
  6. Expand the Global privilege.
  7. Select either the vCenter Operations Manager User or vCenter Operations Manager Admin privilege.
  8. Click OK.
Now the role is created, and you can assign the role to a user against the vCenter Server which has been registered to vRealize Operations (formerly known as vCenter Operations). When the role has been assigned, you can access the vRealize Operations web interface using vSphere Client credentials.


Additional Information

Only the built-in Administrator role will be automatically updated to include the vRealize Operations Manager (formerly known as vCenter Operations Manager) User/Admin privileges when vRealize Operations Manager is installed. Any custom roles (like a clone of the Administrator role) will not be updated and users that have this role assigned will not be able to access vRealize Operations Manager until the role is manually updated.修改 vRealize Operations Manager 的角色和权限