VCAP-DTA Objective 2.2 – Configure Administrator Roles and Permissions
Continuing on from the previous objective of setting global policies, the next objective on the blueprint calls on skills required to configure Administrator roles and permissions. The source reference for this section is again the View Administration guide and can all be done via View Administrator portal. If you’re a regular View admin, you should find this section reasonably straight forward. So to the skills and abilities :-
- Create, modify and delete administrator roles – Roles work in much the same way as they do in vCenter. Create a role, assign it a set of permissions and add users/groups to the role. There are some pre-defined (Administrators for example) which may be just fine for what you want, but you can be sure the exam will be looking for you to be more granular than that.
- Go to View Administrator, and in the left pane, click View Configuration and then Administrators. There are three tabs that can be accessed across the top, Administrators and Groups, Roles and Folders. In the exam, it’s quite possible you may be required to add a privilege and/or permission to a built in role as well as creating a new role.
- To create a new role, go to the Roles tab and click Add Role. Give the role a name, an optional description and then tick the privileges you want to be able to assign out.
- Add and remove user permissions – Worth double checking what these privileges do, such as Register Agent, as you may be asked in the exam to add a non vCenter source such as Terminal Services. Similar steps to delete roles, if you’re asked to.
- To modify a role, go into the Roles tab of the Administrators view, click on the custom role and click Edit to add or remove privileges. Remember you can’t edit a built in role, but you can assign permissions
- To add a folder, click the Folders tab and click Add Folders. Give the folder a name and an optional description.
- Assign and Manage permissions on View folders – To add a permission to the folder, click Add Permission, find the AD user or group to add, click Next and select the role you wish to assign them. Click Finish. This will then add an AD group or user to a folder with a set of privileges. To add a pool to a folder for administration, to to the pool and select Edit. Choose the folder you wish to assign to this pool and click OK. This will now mean you can delegate management of this pool to a role you just created.
Another short section, but roles and permissions is a relatively short topic.