Assign ViPR Roles

Table of Contents

Back to Top

Introduction

There are two levels of roles in ViPR: VDC roles and tenant roles. VDC roles are used to set up the ViPR environment which is shared by all tenants. Tenant roles are used to administrate the tenant-specific settings, such as the service catalog and projects, and to assign tenant roles. This article describes how to assign users or groups to ViPR roles.

This article applies to EMC ViPR 2.0.

You should ensure you are familiar with the main concepts behind roles, described in: Understanding Users, Roles, and ACLs.

ViPR has a local "root" user who has all roles requires to set up the VDC and the root tenant and can be used to bootstrap the system by assigning the required administrator roles. In general, the role administration proceeds as follows:
  • Root user assigns a user to the Security Administrator role
  • Security Administrator:
    • Creates System Administrator to set up VDC
    • Creates Tenant Administrator for provider tenant to administrate tenant level resources
  • Security Administrator or root Tenant Administrator creates Tenant Administrator for sub-tenant.
  • Tenant Administrator creates tenant roles for own tenant or for sub-tenants.
Back to Top

Assign a user or group to a VDC role or provider tenant role

The ViPR security administrator can assign VDC roles and tenant roles for the provider tenant.

Before you begin

  • An authentication provider must have been added to ViPR.
  • The user or group to be assigned to a role must belong to the provider tenant.
  • To assign a VDC role, you must have the Security Administrator role in ViPR.

Procedure

  1. Ensure you are in the Admin view.
  2. Select Security > Role Assignments
    If you have multiple tenants ensure that the Provider Tenant is selected. You cannot assign VDC roles to a tenant other than the provider tenant.
  3. Select Add.
  4. At the Create Role Assignment page, select Group or User.
  5. Enter the name of the user or of the group to which you want to assign a role.
  6. Select the VDC role(s) and Tenant roles that you want to assign.
  7. Select Save.
Back to Top

Assign Tenant Administrator for sub-tenant

Where a sub-tenant under the root tenant has been created, a user belonging to the sub-tenant must be assigned as the Tenant Administrator.

Before you begin

  • You must have the Tenant Administrator role for the sub-tenant to which you want to assign the role, or you must have the Security Administrator role for the VDC.
  • You will need the username or group to which you want to assign the Tenant Administrator role. The user or group must be a member of the tenant for which you want the user or group to be the administrator.

When a Tenant Administrator for the root tenant creates a new tenant, the user is automatically assigned as a Tenant administrator for the new tenant.

Procedure

  1. Select Admin > Security > Role Assignments.
  2. At the Tenant drop-down, select the tenant for which you want to assign a Tenant Administrator.
  3. Select Add
  4. Select whether the role is being assigned User or Group.
  5. Enter the name of the user or group.
  6. Select the Tenant Administrator role.
  7. Select Save.

Results

The user or group will appears in the Role Assignments table as tenant Administrator for the tenant to which he has been assigned. If an error occurs check that the user is a member of the tenant to which you are assigning the role.

Back to Top

Assign a tenant role

A user with the Security Administrator role, or Tenant Administrator role for a tenant, can assign roles to users or groups who belong to the tenant.

Before you begin

  • An authentication provider must have been added to ViPR.
  • The user or group to be assigned to a role must belong to the tenant for which you want to assign the role.
  • You must have Tenant Administrator role for the tenant, or you must have the Security Administrator role for the VDC.

The steps provided below are for assigning tenant roles from the ViPR UI.

Procedure

  1. Ensure you are in the Admin view.
  2. Select Security > Role Assignments.
  3. For multi-tenant operation only. If a tenant drop-down is available, select the tenant for which you want to assign a role.
    If you are a Tenant Administrator for the provider tenant and you are the owner of sub-tenants, you can select the sub-tenant for which you want to assign tenant roles.
  4. Select Add.
  5. At the Create Role Assignment page, select Group or User.
  6. Enter the name of the user or of the group to which you want to assign a role.
  7. Select the tenant roles that you want to assign.
  8. Select Save.